Tao Wang updated FLINK-5818:

Hi Stephan,

You may have a little misunderstanding about this change. It only controls the 
directories with job ids (generated using UUID), not the configured root 
checkpoint directory. I agree with you that the root directory should be 
created, or have its permission changed, at setup time, but setup would not be 
aware of these directories with job ids, which are created at runtime.

About the Hadoop dependency, I admit I am using a convenient way (let's say a 
hack) to do the transition, as it needs a bit more code to do it standalone. I 
will change it if it's a problem :)

On 02/16/2017 21:17, ASF GitHub Bot (JIRA) wrote:

ASF GitHub Bot commented on FLINK-5818:

Github user StephanEwen commented on the issue:

   Thank you for the contribution. I see the idea behind the fix.
   I am unsure whether we should let Flink manage the permissions of these 
   directories. My gut feeling is that this is something that the operational 
   setup should be taking care of. For example, some setup may want to keep 
   whatever the pre-defined permission is, to make checkpoints accessible by 
   other groups for the purpose of cloning/migrating jobs to other clusters.
   That is something probably worth a mailing list discussion.
   I would put this on hold until we have a decision there.
   If we want this change, we still need to do it a bit differently, as we are 
   trying to make Flink work without any dependencies on Hadoop (Hadoop is still 
   supported perfectly, but is an optional dependency).
   Adding new hard Hadoop dependencies (like here) is not possible due to that.

This message was sent by Atlassian JIRA

> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>                 Key: FLINK-5818
>                 URL: https://issues.apache.org/jira/browse/FLINK-5818
>             Project: Flink
>          Issue Type: Improvement
>          Components: Security, State Backends, Checkpointing
>            Reporter: Tao Wang
> Now the checkpoint directory is made without a specified permission, so it is 
> easy for another user to delete or read files under it, which will cause 
> restore failure or information leak.
> It's better to lower it down to 700.
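As an added illustration of the per-job directory handling the thread discusses (this is not Flink's code and not the patch under review): the per-job directory is created with mode 700 through plain java.nio, with no Hadoop dependency, while the root directory is left to the operator. It assumes a local POSIX file system; the class and method names are hypothetical, and checkpoint roots on HDFS or S3 would need that file system's own permission API, which is the dependency question raised above.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import java.util.UUID;

/** Creates per-job checkpoint directories that only the owning user can enter, list or modify. */
public final class PrivateCheckpointDir {

    // rwx------ : the 700 mode proposed in FLINK-5818
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    /**
     * Creates root/<jobId> with mode 700. The root itself is not touched: as the
     * thread notes, that is the operational setup's responsibility. Returns false
     * when the file system has no POSIX permissions (e.g. NTFS), so the caller can
     * decide whether to log a warning or refuse to run.
     */
    public static boolean create(Path root, UUID jobId) throws IOException {
        if (!Files.isDirectory(root)) {
            throw new IOException("checkpoint root does not exist: " + root);
        }
        Path jobDir = root.resolve(jobId.toString());
        boolean posix = root.getFileSystem().supportedFileAttributeViews().contains("posix");
        if (!posix) {
            Files.createDirectories(jobDir);
            return false;
        }
        // Request 700 at creation time; umask can only remove bits, never add them.
        Files.createDirectories(jobDir, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        // createDirectories leaves a pre-existing directory's mode alone, so enforce it explicitly.
        Files.setPosixFilePermissions(jobDir, OWNER_ONLY);
        return isOwnerOnly(jobDir);
    }

    /** True if no group or other permission bit is set on the directory. */
    public static boolean isOwnerOnly(Path dir) throws IOException {
        return OWNER_ONLY.containsAll(Files.getPosixFilePermissions(dir));
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("flink-checkpoints"); // constructed sample root
        boolean enforced = create(root, UUID.randomUUID());
        System.out.println("owner-only permissions enforced: " + enforced);
    }
}
```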
