airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy O'Keefe (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-1536) DaemonContext use default umask 0
Date Mon, 28 Aug 2017 16:10:00 GMT
Timothy O'Keefe created AIRFLOW-1536:
----------------------------------------

             Summary: DaemonContext use default umask 0
                 Key: AIRFLOW-1536
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
             Project: Apache Airflow
          Issue Type: Bug
          Components: cli, security
            Reporter: Timothy O'Keefe


All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply
a umask argument. See here for example:

https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869

As a result, the DaemonContext will use the default umask=0 which leaves user data exposed.
A BashOperator for example that writes any files would have permissions rw-rw-rw- as would
any airflow logs.

I believe the umask should be inherited from the parent shell.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message