We find from customer, that agent SPOOL folder is world executable, on Unix/Linux servers. They have run this for auditing purpose.

Release : 11.3, 11.4, 12.0

Component : CA Workload Automation System Agent

The execute permission on directories allows accessing files inside the directory.

The files in the spool folder may have world writeable permission. It can be addressed with the parameter oscomponent.defaultfile.permission.

Change the Default Permissions of the Files Created by the Agent

The spool folder has world writeable and executable permission.

# ls -ld spool
drwxrwxrwt 5 root root 4096 May  8  2019 spool

The execute permission on directories allows accessing files inside the directory. The write permission allows creating and removing entries in it.

In the scenario where the agent is started as the root user and the job owner is a different user, then the user which is specified as job owner will not be able to access the spool folder to update the spool files.

Hence the world writeable/executable needs to be enabled on the spool folder.