[ https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jarek Potiuk resolved AIRFLOW-1536. ----------------------------------- Fix Version/s: 2.0.0 Resolution: Fixed > DaemonContext uses default umask 0 > ---------------------------------- > > Key: AIRFLOW-1536 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1536 > Project: Apache Airflow > Issue Type: Bug > Components: cli, security > Reporter: Timothy O'Keefe > Assignee: Deepak Aggarwal > Priority: Major > Fix For: 2.0.0 > > > All DaemonContext instances used for worker, scheduler, webserver, flower, > etc. do not supply a umask argument. See here for example: > https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869 > As a result, the DaemonContext will use the default umask=0 which leaves user > data exposed. A BashOperator for example that writes any files would have > permissions rw-rw-rw- as would any airflow logs. > I believe the umask should either be configurable, or inherited from the > parent shell, or both. -- This message was sent by Atlassian Jira (v8.3.4#803005)