[ https://issues.apache.org/jira/browse/MESOS-8332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16290181#comment-16290181 ]
James Peach commented on MESOS-8332: ------------------------------------ In tests, I notice that {{chown}} on the executor sandbox path logs a warning but doesn't cause a failure, but {{chown}} on nested and standalone container paths fails the container. There might be some compatibility concern around making this behavior consistent since frameworks can currently be sloppy with their user names without failing. > Narrow the container sandbox permissions. > ----------------------------------------- > > Key: MESOS-8332 > URL: https://issues.apache.org/jira/browse/MESOS-8332 > Project: Mesos > Issue Type: Improvement > Components: containerization > Reporter: James Peach > Assignee: James Peach > Priority: Minor > > Sandboxes are currently created with 0755 permissions, which allows anyone > with local machine access to inspect their contents. We should make them 0750 > to limit access to the owning user and group. -- This message was sent by Atlassian JIRA (v6.4.14#64029)