flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-5818) change checkpoint dir permission to 700 for security reason
Date Wed, 01 Mar 2017 01:38:45 GMT

    [ https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15889285#comment-15889285
] 

ASF GitHub Bot commented on FLINK-5818:
---------------------------------------

Github user EronWright commented on the issue:

    https://github.com/apache/flink/pull/3335
  
    When working on FLINK-3932, I came to the conclusion that the state backend data should
probably be written into the Hadoop user's home directory, since most Hadoop setups protect
the home directory.     Would that solve the problem here?


> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
>                 Key: FLINK-5818
>                 URL: https://issues.apache.org/jira/browse/FLINK-5818
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Security, State Backends, Checkpointing
>            Reporter: Tao Wang
>            Assignee: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for another
user to delete or read files under it, which will cause restore failure or information leak.
> It's better to lower it down to 700.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message