From 714d6c9231409c8b17c6f148722232de1ca9aece Mon Sep 17 00:00:00 2001
From: Helena Greebe <hgreebe@amazon.com>
Date: Wed, 28 Aug 2024 13:15:48 -0400
Subject: [PATCH] Prevent pcluster from changing default permissions on /home
 directory

---
 .../recipes/config/mount_home.rb                               | 1 +
 cookbooks/aws-parallelcluster-environment/resources/volume.rb  | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb b/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb
index 75cffc92e1..6f9073cc17 100644
--- a/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb
+++ b/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb
@@ -36,6 +36,7 @@
     volume "mount /home" do
       action :mount
       shared_dir '/home'
+      mode '1755'
       device(lazy { "#{node['cluster']['head_node_private_ip']}:#{node['cluster']['head_node_home_path']}" })
       fstype 'nfs'
       options node['cluster']['nfs']['hard_mount_options']
diff --git a/cookbooks/aws-parallelcluster-environment/resources/volume.rb b/cookbooks/aws-parallelcluster-environment/resources/volume.rb
index 884968a53e..58e38a9c12 100644
--- a/cookbooks/aws-parallelcluster-environment/resources/volume.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/volume.rb
@@ -7,6 +7,7 @@
 property :options, [Array, String], required: %i(mount)
 property :device_type, [String, Symbol], default: :device
 property :volume_id, String, required: %i(attach detach)
+property :mode, String, default: '1777'
 
 action :attach do
   volume_id = new_resource.volume_id.strip
@@ -42,7 +43,7 @@
   directory shared_dir do
     owner 'root'
     group 'root'
-    mode '1777'
+    mode new_resource.mode
     recursive true
     action :create
   end