StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p><strong>Use SecurityManager!</strong></p> <ol> <li>Put current unix user id into ThreadLocal</li> <li>Create your own SecurityManager that checks unix user permissions on checkRead() and checkWrite()</li> <li>System.setSecurityManager(new MySecurityManager())</li> <li>Enjoy</li> </ol> <p><strong>Update</strong></p> <p>There is no, of course, standard library to read unix file permissions. It's not WORA. </p> <p>But I have tried briefly to find a ready to use library, and found this one: <a href="http://jan.newmarch.name/java/posix/" rel="nofollow noreferrer">http://jan.newmarch.name/java/posix/</a> It uses JNI, but you don't need to write your own JNI code, which is a big relief. :) I'm sure there must also be others.</p> <p>Class Stat from there gives you all required access information: <a href="http://jan.newmarch.name/java/posix/posix.Stat.html" rel="nofollow noreferrer">http://jan.newmarch.name/java/posix/posix.Stat.html</a></p> <p><strong>Update 2</strong></p> <p>As folks mentioned, this approach fails to check for "non-standard" unix security features, such as ACL or Posix Capabilities (may be; not sure if they apply to files). But if the goal of being totally in sync with host OS security is set, then we even more need to use SecurityManager, because it's a JVM-wide protection mechanism! Yes, we can start a child SUID-process to verify the permissions (and keep it running, talking to it via pipe running while the user is logged in), <strong>but we need to do so from SecurityManager</strong>!</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload