Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-1536

DaemonContext uses default umask 0

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cli, security
    • Labels:
      None

      Description

      All DaemonContext instances used for worker, scheduler, webserver, flower, etc. do not supply a umask argument. See here for example:

      https://github.com/apache/incubator-airflow/blob/b0669b532a7be9aa34a4390951deaa25897c62e6/airflow/bin/cli.py#L869

      As a result, the DaemonContext will use the default umask=0 which leaves user data exposed. A BashOperator for example that writes any files would have permissions rw-rw-rw- as would any airflow logs.

      I believe the umask should either be configurable, or inherited from the parent shell, or both.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ivorynoise Deepak Aggarwal
                Reporter:
                tokeefe Timothy O'Keefe
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: