[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Wang updated FLINK-5818:
----------------------------
Hi Stephan,
You may have a little misunderstanding about this change. It only controls
directories with job id (generated using UUID), but not the configured root
checkpoint directory. I agree with you that the root directory should be
created or changed permission when setup, but setup would not be aware of these
directories with job ids, which are created in runtime.
About Hadoop dependency, I admit I am using a convenient (let's say a hack way)
to do the transition, as it need a bit more codes to do it standalone. I will
change it if it's a problem :)
-----------------
Regards.
On 02/16/2017 21:17, ASF GitHub Bot (JIRA) wrote:
[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15869904#comment-15869904
]
ASF GitHub Bot commented on FLINK-5818:
---------------------------------------
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/3335
Thank you for the contribution. I see the idea behind the fix.
I am unsure whether we should let Flink manage the permissions of these
directories. My gut feeling is that this is something that the operational
setup should be taking care of. For example some setup may want to keep
whatever is the pre-defined permission, to make checkpoints accessible by other
groups for the purpose of cloning/migrating jobs to other clusters.
That is something probably worth of a mailing list discussion.
I would put this on hold until we have a decision there.
If we want this change, we still need to do it a bit different, as we are
trying to make Flink work without any dependencies to Hadoop (Hadoop is still
supported perfectly, but is an optional dependencies).
Adding new hard Hadoop dependencies (like here) is not possible due to that.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
> Key: FLINK-5818
> URL: https://issues.apache.org/jira/browse/FLINK-5818
> Project: Flink
> Issue Type: Improvement
> Components: Security, State Backends, Checkpointing
> Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for
> another user to delete or read files under it, which will cause restore
> failure or information leak.
> It's better to lower it down to 700.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
