List of usage examples for java.nio.file.attribute PosixFilePermission OWNER_WRITE
PosixFilePermission OWNER_WRITE
To view the source code for java.nio.file.attribute PosixFilePermission OWNER_WRITE.
Click Source Link
From source file:org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerSecurityUpdaterTask.java
protected Set<PosixFilePermission> addOwnerWritePermission(Path target) throws IOException { Set<PosixFilePermission> permissions = Files.getPosixFilePermissions(target); if (permissions.add(PosixFilePermission.OWNER_WRITE)) { Files.setPosixFilePermissions(target, permissions); }//from w w w . j a v a 2 s . c o m return permissions; }
From source file:org.apache.hadoop.yarn.server.security.CertificateLocalizationService.java
@Override protected void serviceInit(Configuration conf) throws Exception { parseSuperuserMaterial(conf);/*from w w w . ja v a2 s . c om*/ String localizationDir = service.toString() + "_" + LOCALIZATION_DIR_NAME; materializeDir = Paths.get(SYSTEM_TMP, localizationDir); File fileMaterializeDir = materializeDir.toFile(); if (!fileMaterializeDir.exists()) { fileMaterializeDir.mkdir(); Set<PosixFilePermission> materializeDirPerm; if (service == ServiceType.NM) { // the nm user should have full access to the directory, everyone else should have only execute access // to traverse the directory materializeDirPerm = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_EXECUTE); } else { // Only the rm user should access to this directory materializeDirPerm = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE); } Files.setPosixFilePermissions(materializeDir, materializeDirPerm); } LOG.debug("Initialized at dir: " + materializeDir.toString()); super.serviceInit(conf); }
From source file:com.streamsets.datacollector.el.TestRuntimeEL.java
@Test public void testLoadResource() throws Exception { Path fooFile = Paths.get(resourcesDir.getPath(), "foo.txt"); try {/*www.java 2 s . co m*/ Files.write(fooFile, "Hello".getBytes(StandardCharsets.UTF_8)); RuntimeEL.loadRuntimeConfiguration(runtimeInfo); Assert.assertNull(RuntimeEL.loadResource("bar.txt", false)); Assert.assertNull(RuntimeEL.loadResource("bar.txt", true)); Assert.assertEquals("Hello", RuntimeEL.loadResource("foo.txt", false)); try { RuntimeEL.loadResource("foo.txt", true); Assert.fail(); } catch (IllegalArgumentException ex) { //nop } catch (Exception ex) { Assert.fail(); } Files.setPosixFilePermissions(fooFile, ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)); Assert.assertEquals("Hello", RuntimeEL.loadResource("foo.txt", true)); try { Files.setPosixFilePermissions(fooFile, ImmutableSet.of(PosixFilePermission.OTHERS_READ)); Assert.assertEquals("Hello", RuntimeEL.loadResource("foo.txt", true)); Assert.fail(); } catch (IllegalArgumentException ex) { //NOP } try { Files.setPosixFilePermissions(fooFile, ImmutableSet.of(PosixFilePermission.OTHERS_WRITE)); Assert.assertEquals("Hello", RuntimeEL.loadResource("foo.txt", true)); Assert.fail(); } catch (IllegalArgumentException ex) { //NOP } } finally { Files.setPosixFilePermissions(fooFile, ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)); } }
From source file:org.ng200.openolympus.cerberus.executors.JavaExecutor.java
@Override public ExecutionResult execute(final Path program) throws IOException { final Path chrootRoot = this.storage.getPath().resolve("chroot"); final Path chrootedProgram = chrootRoot.resolve(program.getFileName().toString()); FileAccess.createDirectories(chrootedProgram); FileAccess.copyDirectory(program, chrootedProgram, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.COPY_ATTRIBUTES); final Path outOfMemoryFile = chrootRoot.resolve("outOfMemory"); final Path policyFile = this.storage.getPath().resolve("olymp.policy"); try (Stream<Path> paths = FileAccess.walkPaths(storage.getPath())) { paths.forEach(path -> {//from w w w .ja va2s . c o m try { Files.setPosixFilePermissions(path, new HashSet<PosixFilePermission>( Lists.from(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.OTHERS_READ))); } catch (Exception e) { throw new RuntimeException(e); } }); } this.buildPolicy(chrootRoot, policyFile); final CommandLine commandLine = new CommandLine("sudo"); commandLine.addArgument("olympus_watchdog"); this.setUpOlrunnerLimits(commandLine); commandLine.addArgument("--security=0"); commandLine.addArgument("--jail=/"); commandLine.addArgument("--"); commandLine.addArgument("/usr/bin/java"); commandLine.addArgument("-classpath"); commandLine.addArgument(chrootedProgram.toAbsolutePath().toString()); commandLine.addArgument("-Djava.security.manager"); commandLine.addArgument("-Djava.security.policy=" + policyFile.toAbsolutePath().toString()); commandLine.addArgument("-Xmx" + this.getMemoryLimit()); commandLine.addArgument("-Xms" + this.getMemoryLimit()); commandLine.addArgument(MessageFormat.format("-XX:OnOutOfMemoryError=touch {0}; echo \"\" > {0}", outOfMemoryFile.toAbsolutePath().toString()), false); commandLine.addArgument("Main"); final DefaultExecutor executor = new DefaultExecutor(); executor.setWatchdog(new ExecuteWatchdog(20000)); // 20 seconds for the // sandbox to // complete executor.setWorkingDirectory(chrootRoot.toFile()); executor.setStreamHandler(new PumpStreamHandler(this.outputStream, this.errorStream, this.inputStream)); try { executor.execute(commandLine); } catch (final IOException e) { if (!e.getMessage().toLowerCase().equals("stream closed")) { throw e; } } final ExecutionResult readOlrunnerVerdict = this.readOlrunnerVerdict(chrootRoot.resolve("verdict.txt")); if (FileAccess.exists(outOfMemoryFile)) { readOlrunnerVerdict.setResultType(ExecutionResultType.MEMORY_LIMIT); } readOlrunnerVerdict.setMemoryPeak(this.getMemoryLimit()); return readOlrunnerVerdict; }
From source file:org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerSecurityUpdaterTask.java
protected void removeOwnerWritePermission(Path target, Set<PosixFilePermission> permissions) throws IOException { if (permissions.remove(PosixFilePermission.OWNER_WRITE)) { Files.setPosixFilePermissions(target, permissions); }//from www . ja v a 2 s . com }
From source file:io.hops.hopsworks.common.dao.jupyter.config.JupyterConfigFilesGenerator.java
private boolean createJupyterDirs(JupyterPaths jp) throws IOException { File projectDir = new File(jp.getProjectUserPath()); projectDir.mkdirs();/*from w w w . j av a 2s. c o m*/ File baseDir = new File(jp.getNotebookPath()); baseDir.mkdirs(); // Set owner persmissions Set<PosixFilePermission> xOnly = new HashSet<>(); xOnly.add(PosixFilePermission.OWNER_WRITE); xOnly.add(PosixFilePermission.OWNER_READ); xOnly.add(PosixFilePermission.OWNER_EXECUTE); xOnly.add(PosixFilePermission.GROUP_WRITE); xOnly.add(PosixFilePermission.GROUP_EXECUTE); Set<PosixFilePermission> perms = new HashSet<>(); //add owners permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); //add group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_WRITE); perms.add(PosixFilePermission.GROUP_EXECUTE); //add others permissions perms.add(PosixFilePermission.OTHERS_READ); perms.add(PosixFilePermission.OTHERS_EXECUTE); Files.setPosixFilePermissions(Paths.get(jp.getNotebookPath()), perms); Files.setPosixFilePermissions(Paths.get(jp.getProjectUserPath()), xOnly); new File(jp.getConfDirPath() + "/custom").mkdirs(); new File(jp.getRunDirPath()).mkdirs(); new File(jp.getLogDirPath()).mkdirs(); new File(jp.getCertificatesDir()).mkdirs(); return true; }
From source file:com.spectralogic.ds3client.metadata.MetadataReceivedListenerImpl_Test.java
@Test public void testGettingMetadataFailureDoesntThrow() throws IOException, InterruptedException { Assume.assumeFalse(Platform.isWindows()); try {/*from ww w .j a v a 2 s. c o m*/ final String tempPathPrefix = null; final Path tempDirectory = Files.createTempDirectory(Paths.get("."), tempPathPrefix); final String fileName = "Gracie.txt"; final Path filePath = Files.createFile(Paths.get(tempDirectory.toString(), fileName)); try { // set permissions if (!Platform.isWindows()) { final PosixFileAttributes attributes = Files.readAttributes(filePath, PosixFileAttributes.class); final Set<PosixFilePermission> permissions = attributes.permissions(); permissions.clear(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(filePath, permissions); } // get permissions final ImmutableMap.Builder<String, Path> fileMapper = ImmutableMap.builder(); fileMapper.put(filePath.toString(), filePath); final Map<String, String> metadataFromFile = new MetadataAccessImpl(fileMapper.build()) .getMetadataValue(filePath.toString()); FileUtils.deleteDirectory(tempDirectory.toFile()); // put old permissions back final Metadata metadata = new MetadataImpl(new MockedHeadersReturningKeys(metadataFromFile)); new MetadataReceivedListenerImpl(tempDirectory.toString()).metadataReceived(fileName, metadata); } finally { FileUtils.deleteDirectory(tempDirectory.toFile()); } } catch (final Throwable t) { fail("Throwing exceptions from metadata est verbotten"); } }
From source file:io.hops.hopsworks.common.security.CertificatesMgmService.java
@PostConstruct public void init() { masterPasswordFile = new File(settings.getHopsworksMasterEncPasswordFile()); if (!masterPasswordFile.exists()) { throw new IllegalStateException("Master encryption file does not exist"); }//w w w.j av a 2 s. c om try { PosixFileAttributeView fileView = Files.getFileAttributeView(masterPasswordFile.toPath(), PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS); Set<PosixFilePermission> filePermissions = fileView.readAttributes().permissions(); boolean ownerRead = filePermissions.contains(PosixFilePermission.OWNER_READ); boolean ownerWrite = filePermissions.contains(PosixFilePermission.OWNER_WRITE); boolean ownerExecute = filePermissions.contains(PosixFilePermission.OWNER_EXECUTE); boolean groupRead = filePermissions.contains(PosixFilePermission.GROUP_READ); boolean groupWrite = filePermissions.contains(PosixFilePermission.GROUP_WRITE); boolean groupExecute = filePermissions.contains(PosixFilePermission.GROUP_EXECUTE); boolean othersRead = filePermissions.contains(PosixFilePermission.OTHERS_READ); boolean othersWrite = filePermissions.contains(PosixFilePermission.OTHERS_WRITE); boolean othersExecute = filePermissions.contains(PosixFilePermission.OTHERS_EXECUTE); // Permissions should be 700 if ((ownerRead && ownerWrite && ownerExecute) && (!groupRead && !groupWrite && !groupExecute) && (!othersRead && !othersWrite && !othersExecute)) { String owner = fileView.readAttributes().owner().getName(); String group = fileView.readAttributes().group().getName(); String permStr = PosixFilePermissions.toString(filePermissions); LOG.log(Level.INFO, "Passed permissions check for file " + masterPasswordFile.getAbsolutePath() + ". Owner: " + owner + " Group: " + group + " Permissions: " + permStr); } else { throw new IllegalStateException("Wrong permissions for file " + masterPasswordFile.getAbsolutePath() + ", it should be 700"); } } catch (UnsupportedOperationException ex) { LOG.log(Level.WARNING, "Associated filesystem is not POSIX compliant. " + "Continue without checking the permissions of " + masterPasswordFile.getAbsolutePath() + " This might be a security problem."); } catch (IOException ex) { throw new IllegalStateException( "Error while getting POSIX permissions of " + masterPasswordFile.getAbsolutePath()); } // Register handlers when master encryption password changes MasterPasswordChangeHandler<CertsFacade> psUserCertsHandler = new PSUserCertsMasterPasswordHandler( userFacade); psUserCertsHandler.setFacade(certsFacade); registerMasterPasswordChangeHandler(UserCerts.class, psUserCertsHandler); MasterPasswordChangeHandler<CertsFacade> pgUserCertsHandler = new PGUserCertsMasterPasswordHandler( projectFacade); pgUserCertsHandler.setFacade(certsFacade); registerMasterPasswordChangeHandler(ProjectGenericUserCerts.class, pgUserCertsHandler); MasterPasswordChangeHandler<ClusterCertificateFacade> delaClusterCertsHandler = new DelaCertsMasterPasswordHandler( settings); delaClusterCertsHandler.setFacade(clusterCertificateFacade); registerMasterPasswordChangeHandler(ClusterCertificate.class, delaClusterCertsHandler); }
From source file:com.twosigma.beaker.r.utils.RServerEvaluator.java
protected String makeTemp(String base, String suffix) throws IOException { File dir = new File(System.getenv("beaker_tmp_dir")); File tmp = File.createTempFile(base, suffix, dir); if (!iswindows) { Set<PosixFilePermission> perms = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(tmp.toPath(), perms); }// www.j ava 2 s .co m String r = tmp.getAbsolutePath(); logger.debug("returns {}", r); return r; }
From source file:org.apache.storm.daemon.supervisor.AdvancedFSOps.java
/** * Set directory permissions to (OWNER)RWX (GROUP)R-X (OTHER)--- * On some systems that do not support this, it may become a noop * @param dir the directory to change permissions on * @throws IOException on any error//from ww w. j a v a2s . c o m */ public void restrictDirectoryPermissions(File dir) throws IOException { Set<PosixFilePermission> perms = new HashSet<>(Arrays.asList(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE)); Files.setPosixFilePermissions(dir.toPath(), perms); }