File U_03-Restrict-PMIx-temp-directory-permissions-to-0700.patch of Package slurm.31080

From: Tim Wickberg <tim@schedmd.com>
Date: Wed Oct 11 12:45:25 2023 -0600
Subject: [PATCH 3/19]Restrict PMIx temp directory permissions to 0700.
Patch-mainline: Upstream
Git-repo: https://github.com/SchedMD/slurm
Git-commit: 83a4bd42a88a543e2752ba3d20cb900c2a3d9edc
References: bsc#1216207
Signed-off-by: Egbert Eich <eich@suse.de>

The root group does not need the group permissions to be able
to interact with the contents of the directory.
---
 src/plugins/mpi/pmix/pmixp_utils.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/plugins/mpi/pmix/pmixp_utils.c b/src/plugins/mpi/pmix/pmixp_utils.c
index 7f6d478ce5..93b7cc5cfa 100644
--- a/src/plugins/mpi/pmix/pmixp_utils.c
+++ b/src/plugins/mpi/pmix/pmixp_utils.c
@@ -541,8 +541,7 @@ int pmixp_rmdir_recursively(char *path)
 
 int pmixp_mkdir(char *path)
 {
-	mode_t rights = (S_IRUSR | S_IWUSR | S_IXUSR) |
-			(S_IRGRP | S_IWGRP | S_IXGRP);
+	mode_t rights = (S_IRUSR | S_IWUSR | S_IXUSR);
 
 	/* NOTE: we need user who owns the job to access PMIx usock
 	 * file. According to 'man 7 unix':
@@ -553,7 +552,7 @@ int pmixp_mkdir(char *path)
 	 * access to the unix socket we do the following:
 	 * 1. Owner ID is set to the job owner.
 	 * 2. Group ID corresponds to slurmstepd.
-	 * 3. Set 0770 access mode
+	 * 3. Set 0700 access mode
 	 */
 
 	if (0 != mkdir(path, rights) ) {