[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15872516#comment-15872516
]
ASF GitHub Bot commented on FLINK-5818:
---------------------------------------
Github user greghogan commented on the issue:
https://github.com/apache/flink/pull/3335
The HDFS administrator can configure the parent directory for checkpoints
with user and/or group ACL permissions. A default ACL is then inherited by the
newly created files and subdirectories therein. If you create an ACL which
blocks access for `group` and `other` the effective permissions are the
requested `700`.
> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
> Key: FLINK-5818
> URL: https://issues.apache.org/jira/browse/FLINK-5818
> Project: Flink
> Issue Type: Improvement
> Components: Security, State Backends, Checkpointing
> Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for
> another user to delete or read files under it, which will cause restore
> failure or information leak.
> It's better to lower it down to 700.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
