[
https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15869944#comment-15869944
]
ASF GitHub Bot commented on FLINK-5818:
---------------------------------------
Github user WangTaoTheTonic commented on the issue:
https://github.com/apache/flink/pull/3335
Hi Stephan,
You may have a little misunderstanding about this change. It only controls
directories with job id (generated using UUID), but not the configured root
checkpoint directory. I agree with you that the root directory should be
created or changed permission when setup, but setup would not be aware of these
directories with job ids, which are created in runtime.
About Hadoop dependency, I admit I am using a convenient (let's say a hack
way) to do the transition, as it need a bit more codes to do it standalone. I
will change it if it's a problem :)
> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
> Key: FLINK-5818
> URL: https://issues.apache.org/jira/browse/FLINK-5818
> Project: Flink
> Issue Type: Improvement
> Components: Security, State Backends, Checkpointing
> Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for
> another user to delete or read files under it, which will cause restore
> failure or information leak.
> It's better to lower it down to 700.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
