lct45 commented on a change in pull request #9583:
URL: https://github.com/apache/kafka/pull/9583#discussion_r523055221



##########
File path: 
streams/src/main/java/org/apache/kafka/streams/processor/internals/StateDirectory.java
##########
@@ -102,6 +107,15 @@ public StateDirectory(final StreamsConfig config, final 
Time time, final boolean
             log.warn("Using /tmp directory in the state.dir property can cause 
failures with writing the checkpoint file" +
                 " due to the fact that this directory can be cleared by the 
OS");
         }
+        final Path basePath = Paths.get(baseDir.getPath());
+        final Path statePath = Paths.get(stateDir.getPath());
+        final Set<PosixFilePermission> perms = 
PosixFilePermissions.fromString("rwxr-x---");
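
Review bot: the mode string on the `perms` line, "rwxr-x---", is an unexplained literal. Pull it into a named constant with a comment saying why group gets read and execute (execute on a directory is the traverse bit) and why others get nothing, so a later change does not loosen or tighten it by guesswork. The visible lines also show no check that the file system supports POSIX attributes; if `perms` is applied further down with `Files.setPosixFilePermissions`, that call throws `UnsupportedOperationException` on file systems without a POSIX attribute view, so it needs a guard or a fallback. Minor: `Paths.get(baseDir.getPath())` and `Paths.get(stateDir.getPath())` can be written as `baseDir.toPath()` and `stateDir.toPath()`.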

Review comment:
       I agree with what Bruno said for the reading. I think allowing execute 
for group members isn't a security risk, since it's still somewhat contained. I 
ran the streams test without having execute for group and I got an exception in 
`StreamTableJoinTopologyOptimizationIntegrationTest` test 
`shouldDoStreamTableJoinWithDifferentNumberOfPartitions`. It looks like the 
integration test utils weren't able to clear the directory because groups 
didn't have execute authorization. Since it doesn't seem like allowing groups 
to execute would constitute a security risk, it seems like this is a good thing 
to keep for testing capabilities.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

