You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/04/17 08:33:00 UTC

[jira] [Commented] (AIRFLOW-1536) DaemonContext uses default umask 0

    [ https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17085548#comment-17085548 ] 

ASF GitHub Bot commented on AIRFLOW-1536:
-----------------------------------------

ivorynoise commented on pull request #7724: [AIRFLOW-1536] Inherit umask from parent process in daemon mode
URL: https://github.com/apache/airflow/pull/7724
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> DaemonContext uses default umask 0
> ----------------------------------
>
>                 Key: AIRFLOW-1536
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: cli, security
>            Reporter: Timothy O'Keefe
>            Assignee: Deepak Aggarwal
>            Priority: Major
>
> All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply a umask argument. See here for example:
> https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869
> As a result, the DaemonContext will use the default umask=0 which leaves user data exposed. A BashOperator for example that writes any files would have permissions rw-rw-rw- as would any airflow logs.
> I believe the umask should either be configurable, or inherited from the parent shell, or both.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)