[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15873976#comment-15873976
]
ASF GitHub Bot commented on FLINK-5818:
---------------------------------------
Github user WangTaoTheTonic commented on the issue:
https://github.com/apache/flink/pull/3335
@greghogan I'm aware of that, but my concern is when lots of users store
their checkpoint files under same root directory, it would be a burden for
admin to set different ACLs for different needs, like user1 can read user2 and
user3's files, while user2 can only read files of user1, while user3 would like
read files of user4, while .......
Only set one ACL(like flink_admin) to allow one group to access all is not
fine grained, as there is need that for some user (like user1), we only allow
it to access some, not all, of sub directories(like sub directories user2 and
user3 created).
> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
> Key: FLINK-5818
> URL: https://issues.apache.org/jira/browse/FLINK-5818
> Project: Flink
> Issue Type: Sub-task
> Components: Security, State Backends, Checkpointing
> Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for
> another user to delete or read files under it, which will cause restore
> failure or information leak.
> It's better to lower it down to 700.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
