From 03af59cd6d0486738aedd380028f4b470a9c42c1 Mon Sep 17 00:00:00 2001 From: Giacomo Marciani Date: Mon, 23 Sep 2024 13:05:34 +0200 Subject: [PATCH] [Directories] Set /etc permissions to 0755. This is the default permission in Linux, but it was unintentionally changed in Rocky9.4 (https://forums.rockylinux.org/t/changed-permissions-on-etc-in-rl9-4-genericcloud-image/14449) breaking Munge, which requires the folder to be 0755. Signed-off-by: Giacomo Marciani --- .../recipes/install/directories.rb | 10 ++++++++++ .../spec/unit/recipes/directories_spec.rb | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/cookbooks/aws-parallelcluster-platform/recipes/install/directories.rb b/cookbooks/aws-parallelcluster-platform/recipes/install/directories.rb index e09164868..33e25f7c1 100644 --- a/cookbooks/aws-parallelcluster-platform/recipes/install/directories.rb +++ b/cookbooks/aws-parallelcluster-platform/recipes/install/directories.rb @@ -29,3 +29,13 @@ mode '1777' recursive true end + +# The default permission for directory /etc is 0755. +# However, in Rocky9.4 it was unintentionally changed to 0777, +# causing issues with Munge, that fails to start if /etc has group-writable permission without sticky bit. +# See https://forums.rockylinux.org/t/changed-permissions-on-etc-in-rl9-4-genericcloud-image/14449 +directory '/etc' do + owner 'root' + mode '0755' + recursive false +end diff --git a/cookbooks/aws-parallelcluster-platform/spec/unit/recipes/directories_spec.rb b/cookbooks/aws-parallelcluster-platform/spec/unit/recipes/directories_spec.rb index 56e65af56..824fc2f8b 100644 --- a/cookbooks/aws-parallelcluster-platform/spec/unit/recipes/directories_spec.rb +++ b/cookbooks/aws-parallelcluster-platform/spec/unit/recipes/directories_spec.rb @@ -43,6 +43,14 @@ recursive: true ) end + + it 'sets permission 0755 for /etc' do + is_expected.to create_directory('/etc').with( + owner: 'root', + mode: '0755', + recursive: false + ) + end end end end