[jira] [Created] (AIRFLOW-1536) DaemonContext use default umask 0

Timothy O'Keefe (JIRA) Mon, 28 Aug 2017 09:10:13 -0700

Timothy O'Keefe created AIRFLOW-1536:
----------------------------------------


             Summary: DaemonContext use default umask 0
                 Key: AIRFLOW-1536
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
             Project: Apache Airflow
          Issue Type: Bug
          Components: cli, security
            Reporter: Timothy O'Keefe


All DaemonContext instances used for worker, scheduler, webserver, flower, etc. 
do not supply a umask argument. See here for example:

https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869

As a result, the DaemonContext will use the default umask=0 which leaves user 
data exposed. A BashOperator for example that writes any files would have 
permissions rw-rw-rw- as would any airflow logs.

I believe the umask should be inherited from the parent shell.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (AIRFLOW-1536) DaemonContext use default umask 0

Reply via email to