Andras Piros created OOZIE-3403: ----------------------------------- Summary: [fluent-job] Workflow definition is stored in an insecure place on client host Key: OOZIE-3403 URL: https://issues.apache.org/jira/browse/OOZIE-3403 Project: Oozie Issue Type: Bug Components: fluent-job Affects Versions: 5.1.0 Reporter: Andras Piros
When {{OozieCLI}} is called with {{job -validatejar}} and {{–-verbose}} options, the resulting {{workflow.xml}} is stored in an insecure place: {{/tmp}} on the host computer. To reduce world readability, it's required that the resulting {{workflow.xml}} be stored in the currend working directory with rights only readable to the caller where {{OozieCLI}} has just been called. Since this information is also available via normal [{{OozieCLI}} call {{job -definition}}|https://oozie.apache.org/docs/5.0.0/DG_CommandLineTool.html#Checking_the_xml_definition_of_a_Workflow_Coordinator_or_Bundle_Job], it's considered a minor issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005)