airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy O'Keefe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AIRFLOW-1536) DaemonContext uses default umask 0
Date Mon, 28 Aug 2017 16:15:01 GMT

     [ https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Timothy O'Keefe updated AIRFLOW-1536:
-------------------------------------
    Description: 
All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply
a umask argument. See here for example:

https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869

As a result, the DaemonContext will use the default umask=0 which leaves user data exposed.
A BashOperator for example that writes any files would have permissions rw-rw-rw- as would
any airflow logs.

I believe the umask should be either configurable, or inherited from the parent shell, or
both.

  was:
All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply
a umask argument. See here for example:

https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869

As a result, the DaemonContext will use the default umask=0 which leaves user data exposed.
A BashOperator for example that writes any files would have permissions rw-rw-rw- as would
any airflow logs.

I believe the umask should be inherited from the parent shell.


> DaemonContext uses default umask 0
> ----------------------------------
>
>                 Key: AIRFLOW-1536
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: cli, security
>            Reporter: Timothy O'Keefe
>
> All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not
supply a umask argument. See here for example:
> https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869
> As a result, the DaemonContext will use the default umask=0 which leaves user data exposed.
A BashOperator for example that writes any files would have permissions rw-rw-rw- as would
any airflow logs.
> I believe the umask should be either configurable, or inherited from the parent shell,
or both.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message