[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15874462#comment-15874462
]
ASF GitHub Bot commented on FLINK-5818:
---------------------------------------
Github user WangTaoTheTonic commented on the issue:
https://github.com/apache/flink/pull/3335
As sub dirs are created by different jobs/users under root directory, we
keep it minimum(or configurable) at creation in order to keep the data safe.
When a user has needs of accessing checkpointing files of other users,
we(admin or file owner) can give it right to access. This can be more flexible
than setting ACLs in root directory and more fine grained, because each user
can decide who can touch its checkpointing files ;)
> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
> Key: FLINK-5818
> URL: https://issues.apache.org/jira/browse/FLINK-5818
> Project: Flink
> Issue Type: Sub-task
> Components: Security, State Backends, Checkpointing
> Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for
> another user to delete or read files under it, which will cause restore
> failure or information leak.
> It's better to lower it down to 700.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
