flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-5818) change checkpoint dir permission to 700 for security reason
Date Mon, 20 Feb 2017 02:45:45 GMT

    [ https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15873976#comment-15873976
] 

ASF GitHub Bot commented on FLINK-5818:
---------------------------------------

Github user WangTaoTheTonic commented on the issue:

    https://github.com/apache/flink/pull/3335
  
    @greghogan I'm aware of that, but my concern is when lots of users store their checkpoint
files under same root directory, it would be a burden for admin to set different ACLs for
different needs, like user1 can read user2 and user3's files, while user2 can only read files
of user1, while user3 would like read files of user4, while .......
    
    Only set one ACL(like flink_admin) to allow one group to access all is not fine grained,
as there is need that for some user (like user1), we only allow it to access some, not all,
of sub directories(like sub directories user2 and user3 created).


> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
>                 Key: FLINK-5818
>                 URL: https://issues.apache.org/jira/browse/FLINK-5818
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Security, State Backends, Checkpointing
>            Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for another
user to delete or read files under it, which will cause restore failure or information leak.
> It's better to lower it down to 700.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message