@Test public void testTerminateQueueCannotDeleteDirectory() throws IOException { String queueName = "queueCannotDelete"; File queueDir = new File("target", queueName); ReportExporter exporter = mock(ReportExporter.class); BatchProcessorConfig config = mock(BatchProcessorConfig.class); when(config.getDataDirectory()).thenReturn("target"); when(config.getQueueSize()).thenReturn(5); FileUtil.deleteDirectory(queueDir); queueFactory = new QueueFactory(config, exporter); Set<PosixFilePermission> permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_READ); queueFactory.create(queueName); assertTrue(queueDir.exists()); Files.setPosixFilePermissions(queueDir.toPath(), permissions); try { queueFactory.terminate(queueName); fail("Expected IllegalStateException"); } catch (IllegalStateException e) { assertTrue(true); } permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_WRITE); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_EXECUTE); Files.setPosixFilePermissions(queueDir.toPath(), permissions); FileUtil.deleteDirectory(queueDir); }
private synchronized void saveProperties(final Properties nifiProps, final Logger logger) throws IOException { final File statusFile = getStatusFile(logger); if (statusFile.exists() && !statusFile.delete()) { logger.warn("Failed to delete {}", statusFile); } if (!statusFile.createNewFile()) { throw new IOException("Failed to create file " + statusFile); } try { final Set<PosixFilePermission> perms = new HashSet<>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(statusFile.toPath(), perms); } catch (final Exception e) { logger.warn( "Failed to set permissions so that only the owner can read status file {}; " + "this may allows others to have access to the key needed to communicate with NiFi. " + "Permissions should be changed so that only the owner can read this file", statusFile); } try (final FileOutputStream fos = new FileOutputStream(statusFile)) { nifiProps.store(fos, null); fos.getFD().sync(); } logger.debug("Saved Properties {} to {}", new Object[] {nifiProps, statusFile}); }
@Override public void setBlobAccess(String container, String name, BlobAccess access) { Path path = new File(buildPathStartingFromBaseDir(container, name)).toPath(); if (isWindows()) { try { if (access == BlobAccess.PRIVATE) { setPrivate(path); } else { setPublic(path); } } catch (IOException e) { throw new RuntimeException(e); } } else { Set<PosixFilePermission> permissions; try { permissions = getPosixFilePermissions(path); if (access == BlobAccess.PRIVATE) { permissions.remove(PosixFilePermission.OTHERS_READ); } else if (access == BlobAccess.PUBLIC_READ) { permissions.add(PosixFilePermission.OTHERS_READ); } setPosixFilePermissions(path, permissions); } catch (IOException ioe) { throw Throwables.propagate(ioe); } } }
private void disableLogFileAccess() throws IOException { logFile.createNewFile(); logFile.deleteOnExit(); Path path = Paths.get(logFile.toURI()); Set<PosixFilePermission> permissions = Collections.emptySet(); try { Files.setPosixFilePermissions(path, permissions); } catch (UnsupportedOperationException e) { path.toFile().setReadOnly(); } }
private void createTmpFile(Path filePath, String content, String exceptionPrefix) { try (BufferedWriter out = Files.newBufferedWriter(filePath, Charset.defaultCharset())) { Set<PosixFilePermission> permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(filePath, permissions); out.write(content); } catch (Exception e) { throw SyssvcException.syssvcExceptions.localRepoError(exceptionPrefix + e); } }
// "randomize" the file attributes of the given file. static void randomizeAttributes(Path file) throws IOException { String os = System.getProperty("os.name"); boolean isWindows = os.startsWith("Windows"); boolean isUnix = os.equals("SunOS") || os.equals("Linux"); boolean isDirectory = isDirectory(file, NOFOLLOW_LINKS); if (isUnix) { Set<PosixFilePermission> perms = getPosixFilePermissions(file, NOFOLLOW_LINKS); PosixFilePermission[] toChange = { PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE }; for (PosixFilePermission perm : toChange) { if (heads()) { perms.add(perm); } else { perms.remove(perm); } } setPosixFilePermissions(file, perms); } if (isWindows) { DosFileAttributeView view = getFileAttributeView(file, DosFileAttributeView.class, NOFOLLOW_LINKS); // only set or unset the hidden attribute view.setHidden(heads()); } boolean addUserDefinedFileAttributes = heads() && getFileStore(file).supportsFileAttributeView("xattr"); // remove this when copying a direcory copies its named streams if (isWindows && isDirectory) addUserDefinedFileAttributes = false; if (addUserDefinedFileAttributes) { UserDefinedFileAttributeView view = getFileAttributeView(file, UserDefinedFileAttributeView.class); int n = rand.nextInt(16); while (n > 0) { byte[] value = new byte[1 + rand.nextInt(100)]; view.write("user." + Integer.toString(n), ByteBuffer.wrap(value)); n--; } } }
/** * Makes home folder and the configuration file readable and writable only to the owner. * * @param cs the <tt>ConfigurationService</tt> instance to check for home folder and configuration * file. */ private static void fixPermissions(ConfigurationService cs) { if (!OSUtils.IS_LINUX && !OSUtils.IS_MAC) return; try { // let's check config file and config folder File homeFolder = new File(cs.getScHomeDirLocation(), cs.getScHomeDirName()); Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>() { { add(PosixFilePermission.OWNER_READ); add(PosixFilePermission.OWNER_WRITE); add(PosixFilePermission.OWNER_EXECUTE); } }; Files.setPosixFilePermissions(Paths.get(homeFolder.getAbsolutePath()), perms); String fileName = cs.getConfigurationFilename(); if (fileName != null) { File cf = new File(homeFolder, fileName); if (cf.exists()) { perms = new HashSet<PosixFilePermission>() { { add(PosixFilePermission.OWNER_READ); add(PosixFilePermission.OWNER_WRITE); } }; Files.setPosixFilePermissions(Paths.get(cf.getAbsolutePath()), perms); } } } catch (Throwable t) { logger.error("Error creating c lib instance for fixing file permissions", t); if (t instanceof InterruptedException) Thread.currentThread().interrupt(); else if (t instanceof ThreadDeath) throw (ThreadDeath) t; } }
public void write(String dir, InputStream inputStream, String fileName) { try { File file = new File(dir + "/" + fileName); file.deleteOnExit(); FileOutputStream outputStream = new FileOutputStream(file); copy(inputStream, outputStream); closeQuietly(inputStream); closeQuietly(outputStream); Set<PosixFilePermission> perms = new HashSet<>(); perms.add(OWNER_READ); perms.add(OWNER_WRITE); perms.add(OWNER_EXECUTE); setPosixFilePermissions(file.toPath(), perms); } catch (IOException e) { // TODO:: throw an appropriate exception } }
@Override public OutputStream receiveUpload(String fileName, String mimeType) { FileOutputStream outStream = null; try { File file = keyService.addFile(username, keyNameField.getValue(), fileName); outStream = new FileOutputStream(file); /** SSH requires that key files only have read-write permissions for OWNER */ Set<PosixFilePermission> permissions = new HashSet<PosixFilePermission>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); Files.setPosixFilePermissions(file.toPath(), permissions); } catch (IOException e) { LOG.error("Error while setting key file permissions.", e); } return outStream; }
public int execute(String[] args, @Nullable Path workingDir) throws IOException { if (!Files.isExecutable(file)) { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_EXECUTE); Files.setPosixFilePermissions(file, perms); } ExecuteWatchdog watchdog = new ExecuteWatchdog(TIMEOUT); CommandLine cmd = new CommandLine(file.toFile()); cmd.addArguments(args); DefaultExecutor exec = new DefaultExecutor(); exec.setWatchdog(watchdog); exec.setStreamHandler(createStreamHandler()); exec.setExitValues(null); if (workingDir != null) { exec.setWorkingDirectory(workingDir.toFile()); } in.close(); LOG.info("Executing: {}", cmd.toString()); return exec.execute(cmd); }
/* * Make file non-readable by modifying its permissions. * If file supports "posix" attributes, then modify it. * Otherwise check for "acl" attributes. */ private static void makeFileNonReadable(String file) throws IOException { Path filePath = Paths.get(file); Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews(); if (supportedAttr.contains("posix")) { Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----")); } else if (supportedAttr.contains("acl")) { UserPrincipal fileOwner = Files.getOwner(filePath); AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class); AclEntry entry = AclEntry.newBuilder() .setType(AclEntryType.DENY) .setPrincipal(fileOwner) .setPermissions(AclEntryPermission.READ_DATA) .build(); List<AclEntry> acl = view.getAcl(); acl.add(0, entry); view.setAcl(acl); } }
public void setAttrs(FileAttrs attrs) throws IOException { UserPrincipal posixOwner; GroupPrincipal posixGroup; Set<PosixFilePermission> posixPerms; UserPrincipalLookupService lookup; if (System.getProperty("os.name").startsWith("Windows")) { Files.setAttribute(this.path.toPath(), "dos:archive", attrs.getDosArchive()); Files.setAttribute(this.path.toPath(), "dos:hidden", attrs.getDosHidden()); Files.setAttribute(this.path.toPath(), "dos:readonly", attrs.getDosReadonly()); Files.setAttribute(this.path.toPath(), "dos:system", attrs.getDosSystem()); } else { lookup = this.path.toPath().getFileSystem().getUserPrincipalLookupService(); posixOwner = lookup.lookupPrincipalByName(attrs.getPosixOwner()); posixGroup = lookup.lookupPrincipalByGroupName(attrs.getPosixGroup()); posixPerms = PosixFilePermissions.fromString(attrs.getPosixPermission()); Files.setOwner(this.path.toPath(), posixOwner); Files.getFileAttributeView(this.path.toPath(), PosixFileAttributeView.class) .setGroup(posixGroup); Files.setPosixFilePermissions(this.path.toPath(), posixPerms); } }
protected void doExecute() throws Exception { startupRepositories = nonNullList(startupRepositories); bootRepositories = nonNullList(bootRepositories); installedRepositories = nonNullList(installedRepositories); startupBundles = nonNullList(startupBundles); bootBundles = nonNullList(bootBundles); installedBundles = nonNullList(installedBundles); blacklistedBundles = nonNullList(blacklistedBundles); startupFeatures = nonNullList(startupFeatures); bootFeatures = nonNullList(bootFeatures); installedFeatures = nonNullList(installedFeatures); blacklistedFeatures = nonNullList(blacklistedFeatures); startupProfiles = nonNullList(startupProfiles); bootProfiles = nonNullList(bootProfiles); installedProfiles = nonNullList(installedProfiles); blacklistedProfiles = nonNullList(blacklistedProfiles); if (!startupProfiles.isEmpty() || !bootProfiles.isEmpty() || !installedProfiles.isEmpty()) { if (profilesUri == null) { throw new IllegalArgumentException("profilesDirectory must be specified"); } } if (featureRepositories != null && !featureRepositories.isEmpty()) { getLog() .warn( "Use of featureRepositories is deprecated, use startupRepositories, bootRepositories or installedRepositories instead"); startupRepositories.addAll(featureRepositories); bootRepositories.addAll(featureRepositories); installedRepositories.addAll(featureRepositories); } StringBuilder remote = new StringBuilder(); for (Object obj : project.getRemoteProjectRepositories()) { if (remote.length() > 0) { remote.append(","); } remote.append(invoke(obj, "getUrl")); remote.append("@id=").append(invoke(obj, "getId")); if (!((Boolean) invoke(getPolicy(obj, false), "isEnabled"))) { remote.append("@noreleases"); } if ((Boolean) invoke(getPolicy(obj, true), "isEnabled")) { remote.append("@snapshots"); } } getLog().info("Using repositories: " + remote.toString()); Builder builder = Builder.newInstance(); builder.offline(mavenSession.isOffline()); builder.localRepository(localRepo.getBasedir()); builder.mavenRepositories(remote.toString()); builder.javase(javase); // Set up blacklisted items builder.blacklistBundles(blacklistedBundles); builder.blacklistFeatures(blacklistedFeatures); builder.blacklistProfiles(blacklistedProfiles); builder.blacklistPolicy(blacklistPolicy); if (propertyFileEdits != null) { File file = new File(propertyFileEdits); if (file.exists()) { KarafPropertyEdits edits; try (InputStream editsStream = new FileInputStream(propertyFileEdits)) { KarafPropertyInstructionsModelStaxReader kipmsr = new KarafPropertyInstructionsModelStaxReader(); edits = kipmsr.read(editsStream, true); } builder.propertyEdits(edits); } } Map<String, String> urls = new HashMap<>(); List<Artifact> artifacts = new ArrayList<>(project.getAttachedArtifacts()); artifacts.add(project.getArtifact()); for (Artifact artifact : artifacts) { if (artifact.getFile() != null && artifact.getFile().exists()) { String mvnUrl = "mvn:" + artifact.getGroupId() + "/" + artifact.getArtifactId() + "/" + artifact.getVersion(); String type = artifact.getType(); if ("bundle".equals(type)) { type = "jar"; } if (!"jar".equals(type) || artifact.getClassifier() != null) { mvnUrl += "/" + type; if (artifact.getClassifier() != null) { mvnUrl += "/" + artifact.getClassifier(); } } urls.put(mvnUrl, artifact.getFile().toURI().toString()); } } if (translatedUrls != null) { urls.putAll(translatedUrls); } builder.translatedUrls(urls); // creating system directory getLog().info("Creating work directory"); builder.homeDirectory(workDirectory.toPath()); IoUtils.deleteRecursive(workDirectory); workDirectory.mkdirs(); List<String> startupKars = new ArrayList<>(); List<String> bootKars = new ArrayList<>(); List<String> installedKars = new ArrayList<>(); // Loading kars and features repositories getLog().info("Loading kar and features repositories dependencies"); for (Artifact artifact : project.getDependencyArtifacts()) { Builder.Stage stage; switch (artifact.getScope()) { case "compile": stage = Builder.Stage.Startup; break; case "runtime": stage = Builder.Stage.Boot; break; case "provided": stage = Builder.Stage.Installed; break; default: continue; } if ("kar".equals(artifact.getType())) { String uri = artifactToMvn(artifact); switch (stage) { case Startup: startupKars.add(uri); break; case Boot: bootKars.add(uri); break; case Installed: installedKars.add(uri); break; } } else if ("features".equals(artifact.getClassifier())) { String uri = artifactToMvn(artifact); switch (stage) { case Startup: startupRepositories.add(uri); break; case Boot: bootRepositories.add(uri); break; case Installed: installedRepositories.add(uri); break; } } else if ("jar".equals(artifact.getType()) || "bundle".equals(artifact.getType())) { String uri = artifactToMvn(artifact); switch (stage) { case Startup: startupBundles.add(uri); break; case Boot: bootBundles.add(uri); break; case Installed: installedBundles.add(uri); break; } } } builder .karafVersion(karafVersion) .useReferenceUrls(useReferenceUrls) .defaultAddAll(installAllFeaturesByDefault) .ignoreDependencyFlag(ignoreDependencyFlag); if (profilesUri != null) { builder.profilesUris(profilesUri); } if (libraries != null) { builder.libraries(libraries.toArray(new String[libraries.size()])); } // Startup builder .defaultStage(Builder.Stage.Startup) .kars(toArray(startupKars)) .repositories( startupFeatures.isEmpty() && startupProfiles.isEmpty() && installAllFeaturesByDefault, toArray(startupRepositories)) .features(toArray(startupFeatures)) .bundles(toArray(startupBundles)) .profiles(toArray(startupProfiles)); // Boot builder .defaultStage(Builder.Stage.Boot) .kars(toArray(bootKars)) .repositories( bootFeatures.isEmpty() && bootProfiles.isEmpty() && installAllFeaturesByDefault, toArray(bootRepositories)) .features(toArray(bootFeatures)) .bundles(toArray(bootBundles)) .profiles(toArray(bootProfiles)); // Installed builder .defaultStage(Builder.Stage.Installed) .kars(toArray(installedKars)) .repositories( installedFeatures.isEmpty() && installedProfiles.isEmpty() && installAllFeaturesByDefault, toArray(installedRepositories)) .features(toArray(installedFeatures)) .bundles(toArray(installedBundles)) .profiles(toArray(installedProfiles)); // Generate the assembly builder.generateAssembly(); // Include project classes content if (includeBuildOutputDirectory) IoUtils.copyDirectory(new File(project.getBuild().getOutputDirectory()), workDirectory); // Overwrite assembly dir contents if (sourceDirectory.exists()) IoUtils.copyDirectory(sourceDirectory, workDirectory); // Chmod the bin/* scripts File[] files = new File(workDirectory, "bin").listFiles(); if (files != null) { for (File file : files) { if (!file.getName().endsWith(".bat")) { try { Files.setPosixFilePermissions( file.toPath(), PosixFilePermissions.fromString("rwxr-xr-x")); } catch (Throwable ignore) { // we tried our best, perhaps the OS does not support posix file perms. } } } } }