Accessing file permissions
By user12820862 on Apr 27, 2007
One of the many issues addressed by NIO.2 is that the Java SE platform doesn't have a complete set of APIs to access file permissions and other security related file attributes. It's not rare to encounter code that has to resort to using Runtime.exec to execute a command such as chmod(1).
In the NIO.2 early review draft specification you will see that we address the issue of file attributes by organizing related attributes into groups. A FileAttributeView is then defined to provide a read-only or updatable view of the attributes in the group. The specification defines a number of attribute views, of which only BasicFileAttributeView is required to be supported by a file system implementation (BasicFileAttributeView provides access to a small set of attributes such as file size and last modified time - essentially the basic attributes that are common to many file systems).
Aside from BasicFileAttributeView, a file system implementation can support other file attribute views. The specification defines PosixFileAttributeView for access to file attribtues commonly found on platforms that implement the POSIX family of standards. Here's a small example that uses an instance of this attribute view to print the owners and permissions of a file called "foo". It then changes the permissions to deny others access to the file:
PosixFileAttributeView view = PathReference.from("foo") .newFileAttributeView(PosixFileAttributeView.class); // bulk read PosixFileAttributes attrs = view.readAttributes(); int perms = attrs.getPermissions(); // prints "rw-r--r-- alice bandits" System.out.format("%s\\t%s\\t%s%n", PosixFilePermission.toString(perms), attrs.getOwner(), attrs.getGroup()); // deny others perms &= ~OTHERS_READ & ~OTHERS_WRITE & ~OTHERS_EXECUTE; view.updatePermissions(perms);
The only code that might need explanation here is the code that obtains an instance of PosixFileAttributeView. FileAttributeViews are selected by type-token and this code selects an instance of PosixFileAttributeView that is bound to the file "foo".
The comment hints that foo is owned by the "bandits" group and we can fix this by changing the group:
UserPrincipal cops = view.lookupPrincipalByGroupName("cops"); view.updateOwners(null, cops);
The other part to file permissions is that sometimes you need to create a file with initial permissions (umask applies of course). Here's an example that creates a new file called "securefile" with initial permissions, opening the file for random access:
PathReference file = PathReference.from("securefile"); PosixFileAttributeView view = ... Attribute<Integer> attr = view.newPermissionsAttribute() .setValue(OWNER_READ | OWNER_WRITE | GROUP_READ | GROUP_WRITE); SeekableByteChannel sbc = file.newSeekableByteChannel(CREATE_NEW | READWRITE, attr);
So that's a brief tour of PosixFileAttributeView. The other file attribute view in the specification that provides access to security related attributes is AclFileAttributView. This provides access to Access Control Lists (ACLs) based on the NFSv4 ACL model. That will be interesting to those on file systems that support ACLs. When I get time I'll write up a few words on how this attribute view is used.