audit container script file ownership #413
Description
We have a pattern of doing stuff like
chown -R $USER:root $SCRIPT_DIR
chmod -R ug+rwX $SCRIPT_DIR
chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/(something)
Consequently, many of the container executable scripts are owned by and writable by the running user, but that is not actually necessary for operation: furthermore, it isn't desirable because it increases an attack surface area.