[
https://issues.apache.org/jira/browse/AIRFLOW-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jarek Potiuk resolved AIRFLOW-1536.
-----------------------------------
Fix Version/s: 2.0.0
Resolution: Fixed
> DaemonContext uses default umask 0
> ----------------------------------
>
> Key: AIRFLOW-1536
> URL: https://issues.apache.org/jira/browse/AIRFLOW-1536
> Project: Apache Airflow
> Issue Type: Bug
> Components: cli, security
> Reporter: Timothy O'Keefe
> Assignee: Deepak Aggarwal
> Priority: Major
> Fix For: 2.0.0
>
>
> All DaemonContext instances used for worker, scheduler, webserver, flower,
> etc. do not supply a umask argument. See here for example:
> https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869
> As a result, the DaemonContext will use the default umask=0 which leaves user
> data exposed. A BashOperator for example that writes any files would have
> permissions rw-rw-rw- as would any airflow logs.
> I believe the umask should either be configurable, or inherited from the
> parent shell, or both.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
