Looking through the DRMAA job runner code I noticed that in lib/galaxy/jobs/__init__.py:1582 that if chown to a user in change_ownership_for_run fails then there is chmod 0777 instead.
I'm thinking that this probably shouldn't happen by default, or there needs to be a big warning on the wiki? I understand the world-readable security concerns posted there - but world-writable, for whatever reason, on a shared cluster seems like a disaster waiting to happen.
Maybe either warn on the wiki, make the chmod 777 a non-default option, or an option to disable it?
The future of medicine, today.