Bug report: AWSEC2-ConfigureSTIG fails on AL2 if /tmp contains an item with a long user/group like webapp


The state association will fail with this error: "The staging directory is not currently owned by the root account. Exiting."

This is caused by the shell script not expecting a single space in between user and group. For example, Elastic Beanstalk runs as user webapp and group webapp. This causes entries created in /tmp to look like this in ls (notice the space between webapp and webapp):

drwxr-xr-x   2 webapp webapp    6 Sep 18 01:00 uploads

The script itself is looking for entries looking like:

drwx------ 2 root   root      6 Sep 19 17:13 tmp.ZU79vTNUjs

Notice the multiple spaces between root and root.

Not using /tmp from webapp is the only fix I have found so far. Having spent many hours on this, I hope this may help someone else.

Daniel
Asked 2 years ago · 359 views
1 Answer

The problematic line is this one:

(ls -l /tmp/ | grep "$stagingDir" | cut -d' ' -f 3,4 | grep -E -q "^(\s*)root\s*root\s*$") || { echo The 'staging directory is not currently owned by the root account. Exiting.'; exit 1; }

The cut command is cutting the user and group apart into two different fields when the delimiter becomes a single space, breaking the following grep command.

Daniel
Answered 2 years ago
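
An added example (not part of the original posts, and not AWS's script): it feeds two constructed ls -l lines through the same cut/grep pair as the quoted line, then shows two ownership checks that do not depend on how ls pads its columns. The function names, the sample lines and the use of GNU stat -c are assumptions of this example.

```shell
#!/bin/sh
# Constructed `ls -l` lines, not output captured from a real host.
# GNU ls pads the owner and group columns to the widest name in the listing,
# so the same root-owned directory can appear in either form.
ALONE='drwx------ 2 root root 6 Sep 19 17:13 tmp.ZU79vTNUjs'
PADDED='drwx------ 2 root   root      6 Sep 19 17:13 tmp.ZU79vTNUjs'

# Same cut/grep pair as the quoted line, applied to one ls line ($1).
# cut treats every single space as a delimiter, so padding yields empty fields.
check_with_cut() {
    printf '%s\n' "$1" | cut -d' ' -f 3,4 | grep -E -q '^(\s*)root\s*root\s*$'
}

# awk splits on runs of whitespace, so column padding does not shift fields.
# An empty input never sets ok, so it fails closed.
check_with_awk() {
    printf '%s\n' "$1" |
        awk '$3 == "root" && $4 == "root" { ok = 1 } END { exit !ok }'
}

# Ask the filesystem directly instead of parsing a listing.
# Usage: owned_by_ids PATH UID GID   (0 0 for root:root). Needs GNU stat.
owned_by_ids() {
    [ "$(stat -c '%u:%g' -- "$1" 2>/dev/null)" = "$2:$3" ]
}

# Print pass/fail for a check function ($1) run on an ls line ($2).
report() {
    if "$1" "$2"; then echo "$1: pass"; else echo "$1: FAIL"; fi
}

report check_with_cut "$ALONE"
report check_with_cut "$PADDED"
report check_with_awk "$ALONE"
report check_with_awk "$PADDED"
```

Comparing numeric IDs with stat also avoids depending on how user and group names are resolved or displayed.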
