Hi Gabor, The issue is that, read permission is not getting checked when Flink FileSource is listing the files under given source directory. This is happening as Security Manager is coming as null.
public String[] list() { SecurityManager security = System.getSecurityManager(); -> Here Security Manager is coming as Null. if (security != null) { security.checkRead(path); } if (isInvalid()) { return null; } return fs.list(this); } While debugging it, found a method in Flink Security manager like below, hence I suspected towards it and queried to know the role of Flink Security manager. public static void setFromConfiguration(Configuration configuration) { final FlinkSecurityManager flinkSecurityManager = FlinkSecurityManager.fromConfiguration(configuration); if (flinkSecurityManager != null) { try { System.setSecurityManager(flinkSecurityManager); } catch (Exception e) { … … Regards, Kirti Dhar From: Gabor Somogyi <gabor.g.somo...@gmail.com> Sent: Wednesday, March 6, 2024 7:17 PM To: Kirti Dhar Upadhyay K <kirti.k.dhar.upadh...@ericsson.com> Cc: User@flink.apache.org Subject: Re: SecurityManager in Flink Hi Kirti, Not sure what is the exact issue here but I'm not convinced that having FlinkSecurityManager is going to solve it. Here is the condition however: * cluster.intercept-user-system-exit != DISABLED (this must be changed) * cluster.processes.halt-on-fatal-error == false (this is good by default) Here is a gist what Flink's SecurityManager does: /** * {@code FlinkSecurityManager} to control certain behaviors that can be captured by Java system * security manager. It can be used to control unexpected user behaviors that potentially impact * cluster availability, for example, it can warn or prevent user code from terminating JVM by * System.exit or halt by logging or throwing an exception. This does not necessarily prevent * malicious users who try to tweak security manager on their own, but more for being dependable * against user mistakes by gracefully handling them informing users rather than causing silent * unavailability. */ G On Wed, Mar 6, 2024 at 11:10 AM Kirti Dhar Upadhyay K via user <user@flink.apache.org<mailto:user@flink.apache.org>> wrote: Hi Team, I am using Flink File Source with Local File System. I am facing an issue, if source directory does not has read permission, it is returning the list of files as null instead of throwing permission exception (refer the highlighted line below), resulting in NPE. final FileStatus[] containedFiles = fs.listStatus(fileStatus.getPath()); for (FileStatus containedStatus : containedFiles) { addSplitsForPath(containedStatus, fs, target); } Debugging the issue found that, SecurityManager is coming as null while listing the files, hence skipping the permissions on directory. What is the way to set SecurityManager in Flink? Regards, Kirti Dhar