
Re: [HTCondor-users] permission question about /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute



Those permissions do not need to be 1777. Older versions of HTCondor (before 9.011) assigned those permissions so that an execute directory on an NFS volume with root-squash would work. Current versions of HTCondor expect the permissions to be 0755, but won't object if they're laxer. The directories do need to be owned by the condor user.

 - Jaime

> On Apr 21, 2025, at 5:32 PM, Lee Damon <lvd@xxxxxx> wrote:
> 
> We're going through the unbelievably fun process of implementing OpenSCAP auditing on our AlmaLinux 9 hosts. One of the fail flags we're hitting is
> 
> "Ensure All World-Writable Directories Are Owned by root User"
> 
> which is failing on /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute, both of which are 1777 condor:condor.
> 
> So, doing due diligence I have to ask if these need to have those permissions.
> 
> : || lvd@gertrude ~ [1027] ; rpm -qf /var/lib/condor/spool/local_univ_execute /var/lib/condor/execute
> file /var/lib/condor/spool/local_univ_execute is not owned by any package
> condor-24.6.1-1.el9.x86_64
> 
> My suspicion is the answer is yes they do - though I'm darned if I know why - since changing them to be root:condor causes the host to stop accepting jobs. I'd love to know why that is the case, though.
> 
> thanks,
> nomad
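
A check for the two conditions discussed in this thread (ownership by the condor user, and the world-writable state the OpenSCAP rule reports), as an added example that is not part of the original messages or of HTCondor's own tooling. It assumes GNU `stat` as shipped on AlmaLinux; the function name `check_exec_dir` and the `CONDOR_OWNER` variable are hypothetical.

```shell
#!/bin/sh
# check_exec_dir DIR OWNER
# Prints "ok" or a space-separated list of findings:
#   missing          DIR is not a directory
#   owner=NAME       DIR is owned by NAME rather than OWNER
#                    (the reply says the condor user must own it)
#   world-writable   other-write bit set on a directory not owned by root,
#                    the condition named by the rule title quoted in the thread
# Returns 0 only when the result is "ok".
check_exec_dir() {
    dir=$1 want=$2 findings=
    [ -d "$dir" ] || { echo missing; return 1; }
    mode=$(stat -c '%a' -- "$dir")     # octal mode, e.g. 1777 or 755
    owner=$(stat -c '%U' -- "$dir")    # owner name
    [ "$owner" = "$want" ] || findings="owner=$owner"
    case $mode in
        # last octal digit 2, 3, 6 or 7 means "other" has write permission
        *[2367)
            ;;
    esac
    case $mode in
        *[2367])
            [ "$owner" = root ] || findings="${findings:+$findings }world-writable"
            ;;
    esac
    echo "${findings:-ok}"
    [ -z "$findings" ]
}

# Usage: sh check.sh /var/lib/condor/execute /var/lib/condor/spool/local_univ_execute
OWNER=${CONDOR_OWNER:-condor}
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        printf '%s: %s\n' "$d" "$(check_exec_dir "$d" "$OWNER")"
    done
fi
```

A directory at 0755 owned by condor reports `ok`; one left at 1777 condor:condor reports `world-writable`.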