Ood-portal-generator permissions being too open

arhat · May 28, 2026, 9:47pm

Hi all,

I found that Open OnDemand’s ood-portal-generator (/opt/ood/ood-portal-generator/sbin/update_ood_portal) has wide permissions. This becomes a concern for OOD portal that’s running on login node(s), this permission is wide open because any random user can execute this executable and may create a problem. What’s the best practice to follow here? Would changing permission to 700 or something similar impact anything or should I go ahead and change the permission of this directory /opt/ood/ using chmod -R 700 /opt/ood?

root@login-node:/# ll /opt/ood/ood-portal-generator/sbin/
-rwxr-xr-x  1 root root  671 Aug 15  2025 update_ood_portal*

Thank you!

Best,
Arhat Kobawala
Stanford University

bsingleton · May 29, 2026, 3:19pm

While the executable may be 755, the actual configuration files touched by it need advanced permissions so it requires sudo to do anything of impact. That said, you would be fine to reduce permissions on it without affecting regular users, though an admin may have to chmod it back the next time it is used.

Topic		Replies	Views
Permissions for ~/ondemand directory (OOD_DATAROOT) Get Help	1	70	November 20, 2025
Permissions for OOD interactive apps staging dirs Get Help	7	163	March 21, 2025
OOD internal server error Get Help	8	696	July 8, 2022
Bc_desktop script.sh.erb permissions possible (re)set wrong after updating Get Help question	4	333	April 5, 2023
OOD update from 1.5 to 1.6 experience Feature Requests and Roadmap Discussion	3	1546	August 23, 2019

Ood-portal-generator permissions being too open

Related topics