[
https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17059377#comment-17059377
]
ASF GitHub Bot commented on AIRFLOW-1536:
-----------------------------------------
aggarwaldeepak commented on pull request #7724: [AIRFLOW-1536] Inherit umask
from parent process in daemon mode
URL: https://github.com/apache/airflow/pull/7724
When celery workers are run in daemon mode, umask was set to default(0)
which create dirs/files with 0777/0666 permissions.
---
Issue link: WILL BE INSERTED BY
[boring-cyborg](https://github.com/kaxil/boring-cyborg)
Make sure to mark the boxes below before creating PR: [x]
- [x] Description above provides context of the change
- [x] Commit message/PR title starts with `[AIRFLOW-NNNN]`. AIRFLOW-NNNN =
JIRA ID<sup>*</sup>
- [ ] Unit tests coverage for changes (not needed for documentation changes)
- [x] Commits follow "[How to write a good git commit
message](http://chris.beams.io/posts/git-commit/)"
- [ ] Relevant documentation is updated including usage instructions.
- [ ] I will engage committers as explained in [Contribution Workflow
Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example).
<sup>*</sup> For document-only changes commit message can start with
`[AIRFLOW-XXXX]`.
---
In case of fundamental code change, Airflow Improvement Proposal
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals))
is needed.
In case of a new dependency, check compliance with the [ASF 3rd Party
License Policy](https://www.apache.org/legal/resolved.html#category-x).
In case of backwards incompatible changes please leave a note in
[UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
Read the [Pull Request
Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)
for more information.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> DaemonContext uses default umask 0
> ----------------------------------
>
> Key: AIRFLOW-1536
> URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
> Project: Apache Airflow
> Issue Type: Bug
> Components: cli, security
> Reporter: Timothy O'Keefe
> Assignee: Deepak Aggarwal
> Priority: Major
>
> All DaemonContext instances used for worker, scheduler, webserver, flower,
> etc. do not supply a umask argument. See here for example:
> https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869
> As a result, the DaemonContext will use the default umask=0 which leaves user
> data exposed. A BashOperator for example that writes any files would have
> permissions rw-rw-rw- as would any airflow logs.
> I believe the umask should either be configurable, or inherited from the
> parent shell, or both.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
