You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Deepak Aggarwal (Jira)" <ji...@apache.org> on 2020/03/14 13:24:00 UTC

[jira] [Commented] (AIRFLOW-1536) DaemonContext uses default umask 0

    [ https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17059347#comment-17059347 ] 

Deepak Aggarwal commented on AIRFLOW-1536:
------------------------------------------

[~tokeefe] I have started working on the issue. I think the change only needs to be made where workers are run in daemon mode since workers always run the tasks with dags. 

> DaemonContext uses default umask 0
> ----------------------------------
>
>                 Key: AIRFLOW-1536
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: cli, security
>            Reporter: Timothy O'Keefe
>            Assignee: Deepak Aggarwal
>            Priority: Major
>
> All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply a umask argument. See here for example:
> https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869
> As a result, the DaemonContext will use the default umask=0 which leaves user data exposed. A BashOperator for example that writes any files would have permissions rw-rw-rw- as would any airflow logs.
> I believe the umask should either be configurable, or inherited from the parent shell, or both.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)