[Bug]: Folder permissions being reset

[StoneCut]

DO NOT REPORT VULNERABILITIES HERE!

• By checking this box I am confirming this issue is NOT a vulnerability.

Is there an existing issue for this?

• I have searched the existing issues

What happened?

For CIS compliance reasons, we removed the "w" bit for "others" on the following folders:
/opt/cronicle/queue
/opt/cronicle/logs/jobs

However, after a restart or when some tasks are run, these permissions are apparently reset to be world writable.
Is there any reason for this? Is this a configuration issue on our end? Can it be fixed, maybe in code? We even tried working around this by applying a sticky bit but that gets reset, too.

Operating System

RHEL 9.6

Node.js Version

16.20

Cronicle Version

0.9.80

Server Setup

Single Server

Storage Setup

Local Filesystem

Relevant log output

Code of Conduct

• I agree to follow this project's Code of Conduct

[jhuckaby]

Well, this is actually "as designed" behavior. The reason Cronicle does this is because Plugins can run as "any" user or group, configured in the UI:

Because of this reason, they need access to certain folders to write logs, temp files, etc. even if they are running as a non-root user. So that's why the folders are 777'ed.

If you never use this UID/GID feature, maybe I can add a configuration option somewhere...

[StoneCut]

I see. A configuration option would be great. Alternatively, an option not to remove the sticky bit if set :)