private static void makeFileNonReadable(String file) throws IOException { Path filePath = Paths.get(file); Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews(); if (supportedAttr.contains("posix")) { Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----")); } else if (supportedAttr.contains("acl")) { UserPrincipal fileOwner = Files.getOwner(filePath); AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class); AclEntry entry = AclEntry.newBuilder() .setType(AclEntryType.DENY) .setPrincipal(fileOwner) .setPermissions(AclEntryPermission.READ_DATA) .build(); List<AclEntry> acl = view.getAcl(); acl.add(0, entry); view.setAcl(acl); } }
/** * Add the proper File-System permissions to a file so that SQL Server can run a RESTORE query. * * @param username The username that SQL Server runs as, e.g. "NETWORK SERVICE" * @param file The file whose permissions will be modified. * @throws IOException */ public static void addRestorePermissions(String username, Path file) throws IOException { AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class); UserPrincipalLookupService currULS = file.getFileSystem().getUserPrincipalLookupService(); UserPrincipal principal = currULS.lookupPrincipalByName(username); AclEntry.Builder builder = AclEntry.newBuilder(); builder.setPermissions(EnumSet.of(AclEntryPermission.READ_DATA, AclEntryPermission.READ_ACL, AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.READ_NAMED_ATTRS, AclEntryPermission.EXECUTE, AclEntryPermission.SYNCHRONIZE)); builder.setPrincipal(principal); builder.setType(AclEntryType.ALLOW); aclAttr.setAcl(Collections.singletonList(builder.build())); }
@Override protected void protectPrivateKeyFile(File sshKey) throws ServerException { try { AclFileAttributeView attributes = Files.getFileAttributeView(sshKey.toPath(), AclFileAttributeView.class); AclEntry.Builder builder = AclEntry.newBuilder(); builder.setType(ALLOW); String ownerName = System.getProperty(OWNER_NAME_PROPERTY); UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(ownerName); builder.setPrincipal(userPrincipal); builder.setPermissions( READ_DATA, APPEND_DATA, READ_NAMED_ATTRS, READ_ATTRIBUTES, DELETE, READ_ACL, SYNCHRONIZE); AclEntry entry = builder.build(); List<AclEntry> aclEntryList = new ArrayList<>(); aclEntryList.add(entry); attributes.setAcl(aclEntryList); } catch (IOException e) { throw new ServerException("Failed to set file permissions"); } }
private Set<String> getSupportedFileAttributes(FileStore fs) { Set<String> attrs = new HashSet<String>(); if (fs.supportsFileAttributeView(AclFileAttributeView.class)) { attrs.add("acl"); } if (fs.supportsFileAttributeView(BasicFileAttributeView.class)) { attrs.add("basic"); } if (fs.supportsFileAttributeView(FileOwnerAttributeView.class)) { attrs.add("owner"); } if (fs.supportsFileAttributeView(UserDefinedFileAttributeView.class)) { attrs.add("user"); } if (fs.supportsFileAttributeView(DosFileAttributeView.class)) { attrs.add("dos"); } if (fs.supportsFileAttributeView(PosixFileAttributeView.class)) { attrs.add("posix"); } if (fs.supportsFileAttributeView(FileAttributeView.class)) { attrs.add("file"); } return attrs; }
/** * Test: File and FileStore attributes */ @Test public void testFileStoreAttributes() throws URISyntaxException, IOException { URI uri = clusterUri.resolve("/tmp/testFileStore"); Path path = Paths.get(uri); if (Files.exists(path)) Files.delete(path); assertFalse(Files.exists(path)); Files.createFile(path); assertTrue(Files.exists(path)); FileStore store1 = Files.getFileStore(path); assertNotNull(store1); assertTrue(store1.supportsFileAttributeView("basic")); assertTrue(store1.supportsFileAttributeView(BasicFileAttributeView.class)); assertTrue(store1.supportsFileAttributeView("posix") == store1 .supportsFileAttributeView(PosixFileAttributeView.class)); assertTrue(store1.supportsFileAttributeView("dos") == store1 .supportsFileAttributeView(DosFileAttributeView.class)); assertTrue(store1.supportsFileAttributeView("acl") == store1 .supportsFileAttributeView(AclFileAttributeView.class)); assertTrue(store1.supportsFileAttributeView("user") == store1 .supportsFileAttributeView(UserDefinedFileAttributeView.class)); }
private static List<FileAttribute<List<AclEntry>>> getAclAttributes(Path file) throws IOException { if (Files.exists(file) && supportsFileOwnerAttributeView(file, AclFileAttributeView.class)) { AclFileAttributeView aclView = Files.getFileAttributeView(file, AclFileAttributeView.class); if (aclView != null) { final List<AclEntry> entries = aclView.getAcl(); return Collections.singletonList(new FileAttribute<List<AclEntry>>() { @Override public List<AclEntry> value() { return entries; } @Override public String name() { return "acl:acl"; } }); } } return Collections.emptyList(); }
@Test public void testView() throws IOException { AclFileAttributeView view = provider.view( fileLookup(), ImmutableMap.<String, FileAttributeView>of( "owner", new OwnerAttributeProvider().view(fileLookup(), NO_INHERITED_VIEWS))); assertNotNull(view); assertThat(view.name()).isEqualTo("acl"); assertThat(view.getAcl()).isEqualTo(defaultAcl); view.setAcl(ImmutableList.<AclEntry>of()); view.setOwner(FOO); assertThat(view.getAcl()).isEqualTo(ImmutableList.<AclEntry>of()); assertThat(view.getOwner()).isEqualTo(FOO); assertThat(file.getAttribute("acl", "acl")).isEqualTo(ImmutableList.<AclEntry>of()); }
private void setWindowsPermissions(Path path) { try { AclFileAttributeView aclAttr = Files.getFileAttributeView(path, AclFileAttributeView.class); UserPrincipalLookupService lookupService = path.getFileSystem().getUserPrincipalLookupService(); aclAttr.setAcl(Arrays.asList( getAclEntry(lookupService.lookupPrincipalByName("SYSTEM"), Collections.emptySet()), getAclEntry(lookupService.lookupPrincipalByName(System.getProperty("user.name")), EnumSet.allOf(AclEntryPermission.class)) )); } catch (IOException ex) { throw new RuntimeException(ex); } }
private UserPrincipal getDefaultFileOwner() throws Exception { new File("x.tmp").createNewFile(); Path path = Paths.get("x.tmp"); AclFileAttributeView aclAttr = Files.getFileAttributeView(path, AclFileAttributeView.class); UserPrincipal result = aclAttr.getOwner(); new File("x.tmp").delete(); // System.out.println("owner: "+aclAttr.getOwner()); return result; }
/** * if os is windows then posix will not be called and we need to find permission in different manner * * @param file local file path */ private void saveWindowsfilePermissions(final Path file) throws IOException { Set<AclEntryPermission> aclEntryPermissions; String userType; String userDisplay; StringBuilder permission; final AclFileAttributeView view = Files.getFileAttributeView(file, AclFileAttributeView.class); final List<AclEntry> aclEntries = view.getAcl(); final StringBuilder userList = new StringBuilder(); final StringBuilder userDisplayList = new StringBuilder(); final Map<String, Set<Integer>> stringSetMap = new HashMap<>(); for (final AclEntry aclEntry : aclEntries) { /* If a file has no Windoze dacl entries, as may happen on a network-mounted file system, there won't be a principal entry. A principal is a combination of security provider, like NT AUTHORITY, and user name, e.g. NT AUTHORITY\Gracie. This code is looking for the user name -- the second half of the principal. With no principal, there is no second half of the principal. */ final String[] principalFields = aclEntry.principal().getName().split("\\\\"); if (principalFields.length < 2) { continue; } userDisplay = principalFields[1]; Set<Integer> newSet = stringSetMap.get(userDisplay); aclEntryPermissions = aclEntry.permissions(); if (newSet == null) { newSet = new HashSet<>(); } for (final AclEntryPermission aclEntryPermission : aclEntryPermissions) { newSet.add(aclEntryPermission.ordinal()); } stringSetMap.put(userDisplay, newSet); } final int setSize = stringSetMap.size(); int userCount = 1; for (final Map.Entry<String, Set<Integer>> entry: stringSetMap.entrySet()) { int index = 1; final Set<Integer> ordinals = entry.getValue(); final String key = entry.getKey(); userType = key.replaceAll(" ", "").toLowerCase(); permission = new StringBuilder(); for (final int ord : ordinals) { if (ordinals.size() == index) { permission.append(ord); } else { permission.append(ord).append("-"); } index++; } if (setSize == userCount) { userDisplayList.append(key); userList.append(userType); } else { userDisplayList.append(key).append("-"); userList.append(userType).append("-"); } metadataMap.put("x-amz-meta-ds3-" + userType, permission.toString()); userCount++; } metadataMap.put("x-amz-meta-ds3-userList", userList.toString()); metadataMap.put("x-amz-meta-ds3-userListDisplay", userDisplayList.toString()); }
@Override public Class<AclFileAttributeView> viewType() { return AclFileAttributeView.class; }
@Override public AclFileAttributeView view( FileLookup lookup, ImmutableMap<String, FileAttributeView> inheritedViews) { return new View(lookup, (FileOwnerAttributeView) inheritedViews.get("owner")); }
