
Example 1 with AclEntry

use of java.nio.file.attribute.AclEntry in project java-chassis by ServiceComb.

the class FortifyUtils method getDefaultFileAttributes.

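/**
 * Builds the file attribute used to create a file with restricted permissions.
 *
 * <p>When {@code isPosix()} is true the attribute carries
 * {@code FilePerm.getDefaultPosixPerm()}. Otherwise an {@code acl:acl} attribute is
 * returned that holds exactly one ALLOW entry granting
 * {@code FilePerm.getDefaultAclPerm()} to the user named by the {@code user.name}
 * system property.
 *
 * @param filePath path whose file system is used to look up the user principal
 * @return a POSIX-permission attribute, or a one-entry ACL attribute
 * @throws RuntimeException if the principal lookup fails with an {@link IOException};
 *     the original exception is attached as the cause
 */
public static FileAttribute<?> getDefaultFileAttributes(String filePath) {
    Path file = new File(filePath).toPath();
    if (isPosix()) {
        return PosixFilePermissions.asFileAttribute(FilePerm.getDefaultPosixPerm());
    }

    // Non-POSIX file systems are expected to support ACLs; no other fallback is attempted.
    // NOTE(review): user.name is a system property and can be overridden when the JVM is
    // started, so the principal that receives access is whatever that property names --
    // confirm this matches the account the process actually runs as.
    String userName = System.getProperty("user.name");
    final UserPrincipal user;
    try {
        user = file.getFileSystem().getUserPrincipalLookupService().lookupPrincipalByName(userName);
    } catch (IOException e) {
        // Keep the cause so a failed lookup can be diagnosed from the stack trace.
        throw new RuntimeException("Unknown user error.", e);
    }

    final AclEntry entry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(user)
            .setPermissions(FilePerm.getDefaultAclPerm())
            .setFlags(AclEntryFlag.FILE_INHERIT, AclEntryFlag.DIRECTORY_INHERIT)
            .build();

    return new FileAttribute<List<AclEntry>>() {

        @Override
        public String name() {
            return "acl:acl";
        }

        /* Windows ACL: a fresh list containing only the single ALLOW entry built above. */
        @Override
        public List<AclEntry> value() {
            List<AclEntry> entries = new ArrayList<AclEntry>();
            entries.add(entry);
            return entries;
        }
    };
}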
Also used : Path(java.nio.file.Path) AclEntryFlag(java.nio.file.attribute.AclEntryFlag) AclEntry(java.nio.file.attribute.AclEntry) ArrayList(java.util.ArrayList) IOException(java.io.IOException) File(java.io.File) UserPrincipal(java.nio.file.attribute.UserPrincipal) FileAttribute(java.nio.file.attribute.FileAttribute)

Example 2 with AclEntry

use of java.nio.file.attribute.AclEntry in project derby by apache.

the class FileUtil method limitAccessToOwnerViaFileAttributeView.

/**
 * Restricts access to the owner through a
 * {@code java.nio.file.attribute.FileAttributeView}.
 * Such views are only available on Java 7 and higher, and only on
 * file systems that support changing file permissions: POSIX file
 * systems and file systems that maintain access control lists (ACLs).
 *
 * <p>On the POSIX path the permissions become owner read/write, plus
 * owner execute for a directory. On the ACL path the existing ACL is
 * replaced by a single ALLOW entry that gives the current owner every
 * {@code AclEntryPermission}.
 *
 * @param file the file to limit access to
 * @return {@code true} once one of the two views has been used to set
 * the permissions, or {@code false} if the file system offers neither view
 * @throws IOException if setting the permissions, reading the owner or
 * writing the ACL fails
 */
private static boolean limitAccessToOwnerViaFileAttributeView(File file) throws IOException {
    final Path target = file.toPath();

    final PosixFileAttributeView posix = Files.getFileAttributeView(target, PosixFileAttributeView.class);
    if (posix != null) {
        // POSIX file system. Normally FileUtil.limitAccessToOwnerViaFile()
        // has already done the job through java.io.File and this code is
        // never reached. When that earlier attempt failed, retrying through
        // the view will probably fail as well, but this time the failure
        // surfaces as an IOException that says why.
        final EnumSet<PosixFilePermission> ownerOnly = file.isDirectory()
                ? EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE)
                : EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        posix.setPermissions(ownerOnly);
        return true;
    }

    final AclFileAttributeView aclAccess = Files.getFileAttributeView(target, AclFileAttributeView.class);
    if (aclAccess == null) {
        // Neither view is available: no known way to set permissions here.
        return false;
    }

    // An ACL view without a POSIX view most likely means NTFS.
    // Drop every existing ACE and install one entry that grants the
    // current owner all possible permissions.
    final AclEntry.Builder ownerEntry = AclEntry.newBuilder();
    ownerEntry.setPrincipal(Files.getOwner(target));
    ownerEntry.setType(AclEntryType.ALLOW);
    ownerEntry.setPermissions(EnumSet.allOf(AclEntryPermission.class));
    aclAccess.setAcl(Collections.singletonList(ownerEntry.build()));
    return true;
}
Also used : Path(java.nio.file.Path) AclFileAttributeView(java.nio.file.attribute.AclFileAttributeView) AclEntry(java.nio.file.attribute.AclEntry) PosixFilePermission(java.nio.file.attribute.PosixFilePermission) PosixFileAttributeView(java.nio.file.attribute.PosixFileAttributeView)

Example 3 with AclEntry

use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.

the class IoUtil method setWindowsPermissions.

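/**
 * Rewrites the ACL of {@code path} so that, apart from entries for
 * {@code BUILTIN\Administrators} and {@code NT AUTHORITY\SYSTEM}, only the file owner
 * has access.
 *
 * <p>Every other existing entry is removed and one ALLOW entry for the owner is appended.
 * The owner entry as listed below does not include {@code WRITE_ACL} or
 * {@code WRITE_OWNER}.
 *
 * @param path file whose ACL is replaced
 * @throws IOException if the file system exposes no ACL view for {@code path}, or if
 *     reading the owner, reading the ACL or writing the ACL fails
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the view type is unavailable; fail with a
        // clear error instead of a NullPointerException that leaves the old ACL in place.
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the two principals are matched by display name. Localized Windows
    // installations name these accounts differently, in which case their entries would be
    // removed as well -- confirm this is acceptable for the deployment.
    for (ListIterator<AclEntry> it = acl.listIterator(); it.hasNext();) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
                || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(owner)
            .setPermissions(
                    AclEntryPermission.READ_DATA,
                    AclEntryPermission.WRITE_DATA,
                    AclEntryPermission.APPEND_DATA,
                    AclEntryPermission.READ_NAMED_ATTRS,
                    AclEntryPermission.WRITE_NAMED_ATTRS,
                    AclEntryPermission.EXECUTE,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.WRITE_ATTRIBUTES,
                    AclEntryPermission.DELETE,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.SYNCHRONIZE)
            .build();
    acl.add(ownerEntry);
    view.setAcl(acl);
}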
Also used : AclFileAttributeView(java.nio.file.attribute.AclFileAttributeView) AclEntry(java.nio.file.attribute.AclEntry) UserPrincipal(java.nio.file.attribute.UserPrincipal)

Example 4 with AclEntry

use of java.nio.file.attribute.AclEntry in project keycloak by keycloak.

the class IoUtil method setWindowsPermissions.

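/**
 * Rewrites the ACL of {@code path} so that, apart from entries for
 * {@code BUILTIN\Administrators} and {@code NT AUTHORITY\SYSTEM}, only the file owner
 * has access.
 *
 * <p>Every other existing entry is removed and one ALLOW entry for the owner is appended.
 * The owner entry as listed below does not include {@code WRITE_ACL} or
 * {@code WRITE_OWNER}.
 *
 * @param path file whose ACL is replaced
 * @throws IOException if the file system exposes no ACL view for {@code path}, or if
 *     reading the owner, reading the ACL or writing the ACL fails
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the view type is unavailable; fail with a
        // clear error instead of a NullPointerException that leaves the old ACL in place.
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the two principals are matched by display name. Localized Windows
    // installations name these accounts differently, in which case their entries would be
    // removed as well -- confirm this is acceptable for the deployment.
    for (ListIterator<AclEntry> it = acl.listIterator(); it.hasNext();) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
                || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(owner)
            .setPermissions(
                    AclEntryPermission.READ_DATA,
                    AclEntryPermission.WRITE_DATA,
                    AclEntryPermission.APPEND_DATA,
                    AclEntryPermission.READ_NAMED_ATTRS,
                    AclEntryPermission.WRITE_NAMED_ATTRS,
                    AclEntryPermission.EXECUTE,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.WRITE_ATTRIBUTES,
                    AclEntryPermission.DELETE,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.SYNCHRONIZE)
            .build();
    acl.add(ownerEntry);
    view.setAcl(acl);
}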
Also used : AclFileAttributeView(java.nio.file.attribute.AclFileAttributeView) AclEntry(java.nio.file.attribute.AclEntry) UserPrincipal(java.nio.file.attribute.UserPrincipal)

Example 5 with AclEntry

use of java.nio.file.attribute.AclEntry in project che by eclipse.

the class WindowsSshScript method protectPrivateKeyFile.

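/**
 * Replaces the ACL of the private key file with a single ALLOW entry for the user named
 * by the {@code OWNER_NAME_PROPERTY} system property.
 *
 * <p>The entry grants READ_DATA, APPEND_DATA, READ_NAMED_ATTRS, READ_ATTRIBUTES, DELETE,
 * READ_ACL and SYNCHRONIZE; it does not grant WRITE_DATA or EXECUTE. Because the new
 * list holds only this entry, all entries previously on the file are dropped.
 *
 * @param sshKey private key file whose ACL is replaced
 * @throws ServerException if the file system exposes no ACL view for the file, or if the
 *     principal lookup or the ACL update fails with an {@link IOException}
 */
@Override
protected void protectPrivateKeyFile(File sshKey) throws ServerException {
    try {
        AclFileAttributeView attributes = Files.getFileAttributeView(sshKey.toPath(), AclFileAttributeView.class);
        if (attributes == null) {
            // getFileAttributeView returns null when the view type is unavailable; report
            // that explicitly rather than failing with a NullPointerException while the
            // key file keeps its previous permissions.
            throw new ServerException("Failed to set file permissions: ACL view is not available");
        }

        // NOTE(review): the principal comes from a system property, which can be set when
        // the JVM is started -- confirm it names the account that must read the key.
        String ownerName = System.getProperty(OWNER_NAME_PROPERTY);
        UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(ownerName);

        AclEntry entry = AclEntry.newBuilder()
                .setType(ALLOW)
                .setPrincipal(userPrincipal)
                .setPermissions(READ_DATA, APPEND_DATA, READ_NAMED_ATTRS, READ_ATTRIBUTES, DELETE, READ_ACL, SYNCHRONIZE)
                .build();

        List<AclEntry> aclEntryList = new ArrayList<>();
        aclEntryList.add(entry);
        attributes.setAcl(aclEntryList);
    } catch (IOException e) {
        // Attach the cause so the reason the key file could not be protected is not lost.
        throw new ServerException("Failed to set file permissions", e);
    }
}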
Also used : ServerException(org.eclipse.che.api.core.ServerException) AclFileAttributeView(java.nio.file.attribute.AclFileAttributeView) AclEntry(java.nio.file.attribute.AclEntry) ArrayList(java.util.ArrayList) IOException(java.io.IOException) UserPrincipal(java.nio.file.attribute.UserPrincipal)
