List of usage examples for java.nio.file.attribute PosixFilePermission GROUP_EXECUTE
PosixFilePermission GROUP_EXECUTE
To view the source code for java.nio.file.attribute PosixFilePermission GROUP_EXECUTE.
Click Source Link
From source file:org.assertj.examples.PathAssertionsExamples.java
@Test public void path_rwx_assertion() throws Exception { assumeTrue(SystemUtils.IS_OS_UNIX);/* ww w .ja va2s . c om*/ // Create a file and set permissions to be readable by all. write(rwxFile, "rwx file".getBytes()); // using PosixFilePermission to set file permissions 777 Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // add owners permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // add group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_WRITE); perms.add(PosixFilePermission.GROUP_EXECUTE); // add others permissions perms.add(PosixFilePermission.OTHERS_READ); perms.add(PosixFilePermission.OTHERS_WRITE); perms.add(PosixFilePermission.OTHERS_EXECUTE); Files.setPosixFilePermissions(rwxFile, perms); final Path symlinkToRwxFile = FileSystems.getDefault().getPath("symlink-to-rwxFile"); if (!Files.exists(symlinkToRwxFile)) { createSymbolicLink(symlinkToRwxFile, rwxFile); } // The following assertions succeed: assertThat(rwxFile).isReadable().isWritable().isExecutable(); assertThat(symlinkToRwxFile).isReadable().isWritable().isExecutable(); }
From source file:org.verwandlung.voj.judger.core.Preprocessor.java
/** * ???.//from ww w . ja v a2 s.co m * Linux, ?UID=1536?, ?Others???. * @param workDirectory */ private void setWorkDirectoryPermission(File workDirectory) throws IOException { if (!System.getProperty("os.name").contains("Windows")) { Set<PosixFilePermission> permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); permissions.add(PosixFilePermission.OWNER_EXECUTE); permissions.add(PosixFilePermission.GROUP_READ); permissions.add(PosixFilePermission.GROUP_WRITE); permissions.add(PosixFilePermission.GROUP_EXECUTE); permissions.add(PosixFilePermission.OTHERS_READ); permissions.add(PosixFilePermission.OTHERS_WRITE); permissions.add(PosixFilePermission.OTHERS_EXECUTE); Files.setPosixFilePermissions(workDirectory.toPath(), permissions); } }
From source file:org.apache.hadoop.yarn.server.security.CertificateLocalizationService.java
@Override protected void serviceInit(Configuration conf) throws Exception { parseSuperuserMaterial(conf);/*from w w w . j a v a 2 s .c o m*/ String localizationDir = service.toString() + "_" + LOCALIZATION_DIR_NAME; materializeDir = Paths.get(SYSTEM_TMP, localizationDir); File fileMaterializeDir = materializeDir.toFile(); if (!fileMaterializeDir.exists()) { fileMaterializeDir.mkdir(); Set<PosixFilePermission> materializeDirPerm; if (service == ServiceType.NM) { // the nm user should have full access to the directory, everyone else should have only execute access // to traverse the directory materializeDirPerm = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_EXECUTE); } else { // Only the rm user should access to this directory materializeDirPerm = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE); } Files.setPosixFilePermissions(materializeDir, materializeDirPerm); } LOG.debug("Initialized at dir: " + materializeDir.toString()); super.serviceInit(conf); }
From source file:org.ng200.openolympus.cerberus.executors.JavaExecutor.java
@Override public ExecutionResult execute(final Path program) throws IOException { final Path chrootRoot = this.storage.getPath().resolve("chroot"); final Path chrootedProgram = chrootRoot.resolve(program.getFileName().toString()); FileAccess.createDirectories(chrootedProgram); FileAccess.copyDirectory(program, chrootedProgram, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.COPY_ATTRIBUTES); final Path outOfMemoryFile = chrootRoot.resolve("outOfMemory"); final Path policyFile = this.storage.getPath().resolve("olymp.policy"); try (Stream<Path> paths = FileAccess.walkPaths(storage.getPath())) { paths.forEach(path -> {//from w ww .j a v a2 s. com try { Files.setPosixFilePermissions(path, new HashSet<PosixFilePermission>( Lists.from(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.OTHERS_READ))); } catch (Exception e) { throw new RuntimeException(e); } }); } this.buildPolicy(chrootRoot, policyFile); final CommandLine commandLine = new CommandLine("sudo"); commandLine.addArgument("olympus_watchdog"); this.setUpOlrunnerLimits(commandLine); commandLine.addArgument("--security=0"); commandLine.addArgument("--jail=/"); commandLine.addArgument("--"); commandLine.addArgument("/usr/bin/java"); commandLine.addArgument("-classpath"); commandLine.addArgument(chrootedProgram.toAbsolutePath().toString()); commandLine.addArgument("-Djava.security.manager"); commandLine.addArgument("-Djava.security.policy=" + policyFile.toAbsolutePath().toString()); commandLine.addArgument("-Xmx" + this.getMemoryLimit()); commandLine.addArgument("-Xms" + this.getMemoryLimit()); commandLine.addArgument(MessageFormat.format("-XX:OnOutOfMemoryError=touch {0}; echo \"\" > {0}", outOfMemoryFile.toAbsolutePath().toString()), false); commandLine.addArgument("Main"); final DefaultExecutor executor = new DefaultExecutor(); executor.setWatchdog(new ExecuteWatchdog(20000)); // 20 seconds for the // sandbox to // complete executor.setWorkingDirectory(chrootRoot.toFile()); executor.setStreamHandler(new PumpStreamHandler(this.outputStream, this.errorStream, this.inputStream)); try { executor.execute(commandLine); } catch (final IOException e) { if (!e.getMessage().toLowerCase().equals("stream closed")) { throw e; } } final ExecutionResult readOlrunnerVerdict = this.readOlrunnerVerdict(chrootRoot.resolve("verdict.txt")); if (FileAccess.exists(outOfMemoryFile)) { readOlrunnerVerdict.setResultType(ExecutionResultType.MEMORY_LIMIT); } readOlrunnerVerdict.setMemoryPeak(this.getMemoryLimit()); return readOlrunnerVerdict; }
From source file:ch.psi.zmq.receiver.FileReceiver.java
/** * Receive ZMQ messages with pilatus-1.0 header type and write the data part * to disk//w w w.j a va2 s . co m */ public void receive(Integer numImages) { try { done = false; counter = 0; counterDropped = 0; receive = true; context = ZMQ.context(1); socket = context.socket(ZMQ.PULL); socket.connect("tcp://" + hostname + ":" + port); ObjectMapper mapper = new ObjectMapper(); TypeReference<HashMap<String, Object>> typeRef = new TypeReference<HashMap<String, Object>>() { }; String path = ""; // User lookup service UserPrincipalLookupService lookupservice = FileSystems.getDefault().getUserPrincipalLookupService(); Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_WRITE); while (receive) { try { byte[] message = socket.recv(); byte[] content = null; if (socket.hasReceiveMore()) { content = socket.recv(); } logger.info("Message received: " + new String(message)); Map<String, Object> h = mapper.readValue(message, typeRef); if (!"pilatus-1.0".equals(h.get("htype"))) { logger.warning("Message type [" + h.get("htype") + "] not supported - ignore message"); continue; } String username = (String) h.get("username"); // Save content to file (in basedir) String p = (String) h.get("path"); if (!p.startsWith("/")) { p = basedir + "/" + p; } File f = new File(p); // if(!f.exists()){ if (!path.equals(p)) { if (username == null) { logger.info("Create directory " + p + ""); f.mkdirs(); } else { logger.info("Create directory " + p + " for user " + username); try { Set<PosixFilePermission> permissions = new HashSet<PosixFilePermission>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); permissions.add(PosixFilePermission.OWNER_EXECUTE); permissions.add(PosixFilePermission.GROUP_READ); permissions.add(PosixFilePermission.GROUP_WRITE); permissions.add(PosixFilePermission.GROUP_EXECUTE); // username and groupname is the same by // convention mkdir(f, lookupservice.lookupPrincipalByName(username), lookupservice.lookupPrincipalByGroupName(username), permissions); } catch (IOException e) { throw new RuntimeException("Unable to create directory for user " + username + "", e); } } path = p; } File file = new File(f, (String) h.get("filename")); logger.finest("Write to " + file.getAbsolutePath()); try (FileOutputStream s = new FileOutputStream(file)) { s.write(content); } if (username != null) { Files.setOwner(file.toPath(), lookupservice.lookupPrincipalByName(username)); // username and groupname is the same by convention Files.getFileAttributeView(file.toPath(), PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS) .setGroup(lookupservice.lookupPrincipalByGroupName(username)); Files.setPosixFilePermissions(file.toPath(), perms); } counter++; if (numImages != null && numImages == counter) { break; } } catch (IOException e) { logger.log(Level.SEVERE, "", e); counterDropped++; } } } catch (Exception e) { if (receive) { e.printStackTrace(); } } }
From source file:io.hops.hopsworks.common.dao.jupyter.config.JupyterConfigFilesGenerator.java
private boolean createJupyterDirs(JupyterPaths jp) throws IOException { File projectDir = new File(jp.getProjectUserPath()); projectDir.mkdirs();/* www . ja v a 2 s .c o m*/ File baseDir = new File(jp.getNotebookPath()); baseDir.mkdirs(); // Set owner persmissions Set<PosixFilePermission> xOnly = new HashSet<>(); xOnly.add(PosixFilePermission.OWNER_WRITE); xOnly.add(PosixFilePermission.OWNER_READ); xOnly.add(PosixFilePermission.OWNER_EXECUTE); xOnly.add(PosixFilePermission.GROUP_WRITE); xOnly.add(PosixFilePermission.GROUP_EXECUTE); Set<PosixFilePermission> perms = new HashSet<>(); //add owners permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); //add group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_WRITE); perms.add(PosixFilePermission.GROUP_EXECUTE); //add others permissions perms.add(PosixFilePermission.OTHERS_READ); perms.add(PosixFilePermission.OTHERS_EXECUTE); Files.setPosixFilePermissions(Paths.get(jp.getNotebookPath()), perms); Files.setPosixFilePermissions(Paths.get(jp.getProjectUserPath()), xOnly); new File(jp.getConfDirPath() + "/custom").mkdirs(); new File(jp.getRunDirPath()).mkdirs(); new File(jp.getLogDirPath()).mkdirs(); new File(jp.getCertificatesDir()).mkdirs(); return true; }
From source file:org.mitre.mpf.wfm.util.PropertiesUtil.java
@PostConstruct private void init() throws IOException, WfmProcessingException { parseCoreMpfNodes();/*from w w w . j a v a 2 s . co m*/ mpfPropertiesConfig = mpfPropertiesConfigBuilder.getCompleteConfiguration(); if (!mediaTypesFile.exists()) { copyResource(mediaTypesFile, getMediaTypesTemplate()); } Set<PosixFilePermission> permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); permissions.add(PosixFilePermission.OWNER_EXECUTE); Path share = Paths.get(getSharePath()).toAbsolutePath(); if (!Files.exists(share)) { share = Files.createDirectories(share, PosixFilePermissions.asFileAttribute(permissions)); } if (!Files.exists(share) || !Files.isDirectory(share)) { throw new WfmProcessingException( String.format("Failed to create the path '%s'. It does not exist or it is not a directory.", share.toString())); } artifactsDirectory = createOrFail(share, "artifacts", permissions); markupDirectory = createOrFail(share, "markup", permissions); outputObjectsDirectory = createOrFail(share, "output-objects", permissions); remoteMediaCacheDirectory = createOrFail(share, "remote-media", permissions); uploadedComponentsDirectory = createOrFail(share, getComponentUploadDirName(), permissions); createOrFail(getPluginDeploymentPath().toPath(), "", EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_EXECUTE)); // create the default models directory, although the user may have set "detection.models.dir.path" to something else createOrFail(share, "models", permissions); log.info("All file resources are stored within the shared directory '{}'.", share); log.debug("Artifacts Directory = {}", artifactsDirectory); log.debug("Markup Directory = {}", markupDirectory); log.debug("Output Objects Directory = {}", outputObjectsDirectory); log.debug("Remote Media Cache Directory = {}", remoteMediaCacheDirectory); log.debug("Uploaded Components Directory = {}", uploadedComponentsDirectory); }
From source file:io.hops.hopsworks.common.security.CertificatesMgmService.java
@PostConstruct public void init() { masterPasswordFile = new File(settings.getHopsworksMasterEncPasswordFile()); if (!masterPasswordFile.exists()) { throw new IllegalStateException("Master encryption file does not exist"); }/*from w w w.ja v a2s .c o m*/ try { PosixFileAttributeView fileView = Files.getFileAttributeView(masterPasswordFile.toPath(), PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS); Set<PosixFilePermission> filePermissions = fileView.readAttributes().permissions(); boolean ownerRead = filePermissions.contains(PosixFilePermission.OWNER_READ); boolean ownerWrite = filePermissions.contains(PosixFilePermission.OWNER_WRITE); boolean ownerExecute = filePermissions.contains(PosixFilePermission.OWNER_EXECUTE); boolean groupRead = filePermissions.contains(PosixFilePermission.GROUP_READ); boolean groupWrite = filePermissions.contains(PosixFilePermission.GROUP_WRITE); boolean groupExecute = filePermissions.contains(PosixFilePermission.GROUP_EXECUTE); boolean othersRead = filePermissions.contains(PosixFilePermission.OTHERS_READ); boolean othersWrite = filePermissions.contains(PosixFilePermission.OTHERS_WRITE); boolean othersExecute = filePermissions.contains(PosixFilePermission.OTHERS_EXECUTE); // Permissions should be 700 if ((ownerRead && ownerWrite && ownerExecute) && (!groupRead && !groupWrite && !groupExecute) && (!othersRead && !othersWrite && !othersExecute)) { String owner = fileView.readAttributes().owner().getName(); String group = fileView.readAttributes().group().getName(); String permStr = PosixFilePermissions.toString(filePermissions); LOG.log(Level.INFO, "Passed permissions check for file " + masterPasswordFile.getAbsolutePath() + ". Owner: " + owner + " Group: " + group + " Permissions: " + permStr); } else { throw new IllegalStateException("Wrong permissions for file " + masterPasswordFile.getAbsolutePath() + ", it should be 700"); } } catch (UnsupportedOperationException ex) { LOG.log(Level.WARNING, "Associated filesystem is not POSIX compliant. " + "Continue without checking the permissions of " + masterPasswordFile.getAbsolutePath() + " This might be a security problem."); } catch (IOException ex) { throw new IllegalStateException( "Error while getting POSIX permissions of " + masterPasswordFile.getAbsolutePath()); } // Register handlers when master encryption password changes MasterPasswordChangeHandler<CertsFacade> psUserCertsHandler = new PSUserCertsMasterPasswordHandler( userFacade); psUserCertsHandler.setFacade(certsFacade); registerMasterPasswordChangeHandler(UserCerts.class, psUserCertsHandler); MasterPasswordChangeHandler<CertsFacade> pgUserCertsHandler = new PGUserCertsMasterPasswordHandler( projectFacade); pgUserCertsHandler.setFacade(certsFacade); registerMasterPasswordChangeHandler(ProjectGenericUserCerts.class, pgUserCertsHandler); MasterPasswordChangeHandler<ClusterCertificateFacade> delaClusterCertsHandler = new DelaCertsMasterPasswordHandler( settings); delaClusterCertsHandler.setFacade(clusterCertificateFacade); registerMasterPasswordChangeHandler(ClusterCertificate.class, delaClusterCertsHandler); }
From source file:org.apache.storm.daemon.supervisor.AdvancedFSOps.java
/** * Set directory permissions to (OWNER)RWX (GROUP)R-X (OTHER)--- * On some systems that do not support this, it may become a noop * @param dir the directory to change permissions on * @throws IOException on any error/*from w w w . ja v a2s.co m*/ */ public void restrictDirectoryPermissions(File dir) throws IOException { Set<PosixFilePermission> perms = new HashSet<>(Arrays.asList(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE)); Files.setPosixFilePermissions(dir.toPath(), perms); }
From source file:org.kitodo.services.command.CommandServiceTest.java
public static void setFileExecuteable(File file) throws IOException { Set<PosixFilePermission> perms = new HashSet<>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); perms.add(PosixFilePermission.OTHERS_READ); perms.add(PosixFilePermission.OTHERS_WRITE); perms.add(PosixFilePermission.OTHERS_EXECUTE); perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_WRITE); perms.add(PosixFilePermission.GROUP_EXECUTE); Files.setPosixFilePermissions(file.toPath(), perms); }