We’ve been scratching our heads on why are new user’s OOD’s interactive apps staging dirs in ondemand/data/sys/dashboard/batch_connect/sys/ having permission 700 since about the update we did last summer. This makes it very difficult to troubleshoot failed jobs as our support people don’t have root on our systems so they can’t see it.
Thanks Jeff. What would be the security issue? The server credentials files (like connection.yml in RStudio Server) are set to 700 even if the dir permissions are 755 - via the umask in the job_script_content.sh. Other files in there are scripts, SLURM job parameters, and logs, which all don’t have any unsecure info.
Maybe it’s not an issue of security, but rather privacy? IDK - I didn’t leave any comments, but my default position with anything like this is to be conservative, so that’s at least why I changed it to 700.