Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] permission question about /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute
- Date: Tue, 22 Apr 2025 20:17:00 +0000
- From: Jaime Frey <jfrey@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] permission question about /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute
Those permissions do not need to be 1777. Older versions of HTCondor (before 9.011) assigned those permissions so that an execute directory on an NFS volume with root-squash would work. Current versions of HTCondor expect the permissions to be 0755, but wonât object if theyâre laxer. The directories do need to be owned by the condor user.
- Jaime
> On Apr 21, 2025, at 5:32âPM, Lee Damon <lvd@xxxxxx> wrote:
>
> We're going through the unbelievably fun process of implementing OpenSCAP auditing on our AlmaLinux 9 hosts. One of the fail flags we're hitting is
>
> "Ensure All World-Writable Directories Are Owned by root User"
>
> which is failing on /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute, both of which are 1777 condor:condor.
>
> So, doing due-diligance I have to ask if these need to have those permissions.
>
> : || lvd@gertrude ~ [1027] ; rpm -qf /var/lib/condor/spool/local_univ_execute /var/lib/condor/execute
> file /var/lib/condor/spool/local_univ_execute is not owned by any package
> condor-24.6.1-1.el9.x86_64
>
> My suspicion is the answer is yes they do - though I'm darned if I know why - since changing them to be root:condor causes the host to stop accepting jobs. I'd love to know why that is the case, though.
>
> thanks,
> nomad