From 9b000a9e58caa81838293138344732b306cbe14d Mon Sep 17 00:00:00 2001
From: Bob Haddleton
Date: Sat, 9 Oct 2021 20:01:30 -0500
Subject: [PATCH] fix(executor): add test for non-root user creating a script
Signed-off-by: Bob Haddleton
---
 test/e2e/functional_test.go | 28 ++++++++++++++++++++++++++++
 workflow/executor/executor.go | 2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/test/e2e/functional_test.go b/test/e2e/functional_test.go
index f68d102e9c54..96718a1f3643 100644
--- a/test/e2e/functional_test.go
+++ b/test/e2e/functional_test.go
@@ -793,6 +793,34 @@ func (s *FunctionalSuite) TestDataTransformation() {
 })
 }
 
+func (s *FunctionalSuite) TestScriptAsNonRoot() {
+ s.Given().
+ Workflow(`
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+ generateName: script-nonroot-
+spec:
+ entrypoint: whalesay
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ templates:
+ - name: whalesay
+ script:
+ image: argoproj/argosay:v2
+ command: ["bash"]
+ source: |
+ ls -l /argo/staging
+ cat /argo/stahing/script
+ sleep 10s
+`).
+ When().
+ SubmitWorkflow().
+ WaitForWorkflow(fixtures.ToBeSucceeded)
+}
+
 func TestFunctionalSuite(t *testing.T) {
 suite.Run(t, new(FunctionalSuite))
 }
diff --git a/workflow/executor/executor.go b/workflow/executor/executor.go
index 2e3ef9bbfabe..1e39d76d7549 100644
--- a/workflow/executor/executor.go
+++ b/workflow/executor/executor.go
@@ -251,7 +251,7 @@ func (we *WorkflowExecutor) StageFiles() error {
 default:
 return nil
 }
- err := ioutil.WriteFile(filePath, body, 0o600)
+ err := ioutil.WriteFile(filePath, body, 0o644)
 if err != nil {
 return errors.InternalWrapError(err)
 }
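Review bot: The script body in TestScriptAsNonRoot reads `cat /argo/stahing/script`, which looks like a typo for `/argo/staging/script`, so the one line meant to show that UID 1000 can read the staged file always fails. Because the script has no `set -e` and ends with `sleep 10s`, that failure does not change the exit status and the workflow would still satisfy `fixtures.ToBeSucceeded`. I would change the line to `cat /argo/staging/script` and put `set -e` first in `source` so a permission error actually fails the test. Presumably the test still catches an unreadable script because bash itself has to open it, but that is not visible from this hunk, and the `sleep 10s` appears to add ten seconds to the suite with no assertion depending on it.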
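Review bot: The new mode `0o644` on the `ioutil.WriteFile` call in StageFiles makes every staged file readable by any UID that can reach the staging path, and nothing near the line records why the previous owner-only `0o600` was relaxed. Staged script content may include substituted parameters, so I would add a comment such as `// 0o644: the main container may run as a different, non-root UID and must be able to read the staged file; staged content must not hold secrets`, and consider whether a narrower mode paired with an explicit owner or group would serve the non-root case. The mode argument is applied only when the file is created and is filtered by the process umask, so a file that already exists keeps its old permissions. The subject line describes the commit as adding a test, while this line changes executor behaviour and deserves its own mention in the message. StageFiles starts and ends outside the hunk, so the switch cases that produce `body` are not visible here.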