I'm not a user of the Automate/Skybot application, but I do manage the server it is running on. My concern is that the local users "automate" and "skybot" have their home directory set to /opt/automate-schedule and /opt/skybot respectively. Because of this, our vulnerability scanner is flagging these systems because user home directories should have more restrictive permissions. However, since these directories run the application, I don't know that locking down these directories is a great idea.

The person who originally installed this application is no longer with the company, so I don't know if setting these home directories is necessary or if there is an easier way to set these up so that we can pass our security scans without breaking the application.

Any guidance on this would be greatly appreciated and I apologize in advance for my own ignorance of the application itself.