KAFKA-12211: don't change perm for base/state dir when no persistent store#9904
KAFKA-12211: don't change perm for base/state dir when no persistent store#9904ableegoldman merged 3 commits intoapache:trunkfrom
Conversation
| Files.setPosixFilePermissions(basePath, perms); | ||
| Files.setPosixFilePermissions(statePath, perms); | ||
| } catch (final IOException e) { | ||
| log.warn("Error changing permissions for the state or base directory {} ", stateDir.getPath(), e); |
There was a problem hiding this comment.
Change from error to warn since I don't think it'll be an real error if changing permission failed.
There was a problem hiding this comment.
Are we sure this should not be an error? Should we not rethrow the exception? After all it may make data readable to the outside world. I do not request a change, I just wanted to put it up for discussions.
There was a problem hiding this comment.
I personally think it should not throw exception here because it won't block the stream running if we didn't change the dir permission successfully. But, if most users took the dir permission things seriously, maybe we should throw exception? Not sure.
There was a problem hiding this comment.
Personally I agree that we shouldn't rethrow the exception, as many users probably do not care and it would be pretty bad imo if some error that doesn't concern them makes it impossible to run Streams at all (see for example KAFKA-12190 )
That said I'm slightly more inclined to log it as an error just because that will give it better visibility for those users who do care about the readability. Although I suspect that anyone who strongly values security of streams data would (or at least, should!) actually verify the configuration
There was a problem hiding this comment.
Agree! revert back to log.error. Thanks.
|
@lct45 @ableegoldman @cadonna , please help review this PR. Thanks. |
ableegoldman
left a comment
ableegoldman
left a comment
There was a problem hiding this comment.
Thanks for this, I've noticed this error in the logs of some tests before but never got around to checking it out. LGTM
|
The failed tests: All are not related to my change. And the |
| assertFalse(stateDir.exists()); | ||
| assertFalse(appDir.exists()); |
There was a problem hiding this comment.
nit:
| assertFalse(stateDir.exists()); | |
| assertFalse(appDir.exists()); | |
| assertThat(stateDir.exists(), is(false)); | |
| assertThat(appDir.exists(), is(false)); |
|
LGTM, thanks @showuon . Also re-triggered the tests. |
|
failed tests: All are not related to my changes. Thanks. |
|
Thanks @showuon , merged to trunk |
…store (#9904) If a user doesn't have Persistent Stores, we won't create base dir and state dir and should not try to set permissions on them. Reviewers: Bruno Cadonna <cadonna@confluent.io>, Guozhang Wang <guozhang@confluent.io>, Anna Sophie Blee-Goldman <ableegoldman@apache.org>
|
Also cherrypicked to 2.7 |
|
Hi, Is there any reason this is not in 2.6? 2.6.1 is affected by this problem. Thanks! |
|
I think at the time we weren't expecting there to be a 2.6.2 release, but as it turns out I'm actually actively in the process of releasing 2.6.2. I haven't cut the RC yet, so I'll go ahead and pull this fix in as well. Thanks for raising it |
|
Cherrypick was pretty rough so I opened a quick PR against 2.6 instead: #10197 |
5 participants
We improved the state directory folder/file permission setting in #9583 . But we forgot to consider one situation: if user doesn't have Persistent Stores, we won't create base dir and state dir. And if there's no such dir, and when we tried to set permission to them, we'll have
NoSuchFileException.Committer Checklist (excluded from commit message)