smolnar82 commented on PR #1151: URL: https://github.com/apache/knox/pull/1151#issuecomment-3935111993
The use of a fixed GID and group-based access makes sense for Helm/Kubernetes compatibility. However, granting `g+rwx` on all directories under `home/knox` may be broader than necessary. Since the JIRA mentions keystore updates specifically, would it be safer to restrict write permissions to the directories that actually need mutation (e.g., `data/security/keystores`, possibly `conf`)? This would better follow the principle of least privilege while preserving the intended functionality.
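
The difference between the broad grant and the narrowed one suggested in the comment above, as an added example that is not part of the PR or of the comment. The directory tree is constructed for the demo, the function names are hypothetical, and the allowlist simply takes the two directories the comment names.

```shell
#!/bin/sh
# Added example. Tree layout and function names are constructed for illustration.
# Directories (relative to the Knox home) allowed to stay group-writable,
# taken from the comment's suggestion.
ALLOWED_WRITABLE="data/security/keystores conf"

# Constructed sample tree standing in for home/knox.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/conf/topologies" "$t/data/security/keystores" "$t/logs"
    printf '%s\n' "$t"
}

# Broad grant: every directory becomes group-writable.
apply_broad() { find "$1" -type d -exec chmod g+rwx {} +; }

# Narrowed grant: group can read and traverse everywhere, write only in the allowlist.
apply_narrow() {
    root=$1
    find "$root" -type d -exec chmod g+rx,g-w {} +
    for allowed in $ALLOWED_WRITABLE; do
        if [ -d "$root/$allowed" ]; then
            find "$root/$allowed" -type d -exec chmod g+rwx {} +
        fi
    done
}

# List group-writable directories (mode bit 020) outside the allowlist.
unexpected_group_writable() {
    root=$1
    find "$root" -type d -perm -020 | while IFS= read -r dir; do
        rel=${dir#"$root"/}
        [ "$dir" = "$root" ] && rel=.
        ok=no
        for allowed in $ALLOWED_WRITABLE; do
            case "$rel" in "$allowed"|"$allowed"/*) ok=yes ;; esac
        done
        [ "$ok" = yes ] || printf '%s\n' "$rel"
    done
}

demo=$(make_demo_tree)
apply_broad "$demo";  echo "after broad grant:";  unexpected_group_writable "$demo"
apply_narrow "$demo"; echo "after narrowed grant:"; unexpected_group_writable "$demo"
rm -rf "$demo"
```

The audit function can run as an image build check so that a later change to the permission step fails the build if it widens group write access again.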
