Accessing file permissions

One of the many issues addressed by NIO.2 is that the Java SE platform doesn't have a complete set of APIs to access file permissions and other security related file attributes. It's not rare to encounter code that has to resort to using Runtime.exec to execute a command such as chmod(1).

In the NIO.2 early review draft specification you will see that we address the issue of file attributes by organizing related attributes into groups. A FileAttributeView is then defined to provide a read-only or updatable view of the attributes in the group. The specification defines a number of attribute views, of which only BasicFileAttributeView is required to be supported by a file system implementation (BasicFileAttributeView provides access to a small set of attributes such as file size and last modified time - essentially the basic attributes that are common to many file systems).

Aside from BasicFileAttributeView, a file system implementation can support other file attribute views. The specification defines PosixFileAttributeView for access to file attributes commonly found on platforms that implement the POSIX family of standards. Here's a small example that uses an instance of this attribute view to print the owners and permissions of a file called "foo". It then changes the permissions to deny others access to the file:

PosixFileAttributeView view = PathReference.from("foo")
    .newFileAttributeView(PosixFileAttributeView.class);

// bulk read
PosixFileAttributes attrs = view.readAttributes();

int perms = attrs.getPermissions();

// prints "rw-r--r-- alice bandits"
System.out.format("%s\t%s\t%s%n",
    PosixFilePermission.toString(perms),
    attrs.getOwner(),
    attrs.getGroup());

// deny others
perms &= ~OTHERS_READ & ~OTHERS_WRITE & ~OTHERS_EXECUTE;
view.updatePermissions(perms); 

The only code that might need explanation here is the code that obtains an instance of PosixFileAttributeView. FileAttributeViews are selected by type-token and this code selects an instance of PosixFileAttributeView that is bound to the file "foo".

The comment hints that foo is owned by the "bandits" group and we can fix this by changing the group:

UserPrincipal cops = view.lookupPrincipalByGroupName("cops");
view.updateOwners(null, cops);

The other part to file permissions is that sometimes you need to create a file with initial permissions (umask applies of course). Here's an example that creates a new file called "securefile" with initial permissions, opening the file for random access:

PathReference file = PathReference.from("securefile");
PosixFileAttributeView view = ...

Attribute<Integer> attr = view.newPermissionsAttribute()
    .setValue(OWNER_READ | OWNER_WRITE | GROUP_READ | GROUP_WRITE);

SeekableByteChannel sbc = file.newSeekableByteChannel(CREATE_NEW | READWRITE, attr);
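
The same two operations (tightening an existing file, and creating a file with its permissions set at creation time) written against the java.nio.file API as it later shipped in Java SE 7, where the draft names used above became Path, Files and Set<PosixFilePermission>. This is an added example, not code from the original post; the class name, the scratch directory and the file contents are constructed for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.EnumSet;
import java.util.Set;
import static java.nio.file.StandardOpenOption.*;
import static java.nio.file.attribute.PosixFilePermission.*;

public class PosixPermissionsExample {
    // Print "perms owner group name" and return the current permission set.
    static Set<PosixFilePermission> show(Path p) throws IOException {
        PosixFileAttributes a = Files.getFileAttributeView(p, PosixFileAttributeView.class)
            .readAttributes();   // bulk read of owner, group and permissions
        System.out.format("%s\t%s\t%s\t%s%n", PosixFilePermissions.toString(a.permissions()),
            a.owner().getName(), a.group().getName(), p.getFileName());
        return a.permissions();
    }

    // Remove every "others" bit, leaving owner and group bits untouched.
    static void denyOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = EnumSet.noneOf(PosixFilePermission.class);
        perms.addAll(Files.getPosixFilePermissions(p));
        perms.removeAll(EnumSet.of(OTHERS_READ, OTHERS_WRITE, OTHERS_EXECUTE));
        Files.setPosixFilePermissions(p, perms);
    }

    public static void main(String[] args) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.err.println("default file system has no POSIX attribute view");
            return;
        }
        Path dir = Files.createTempDirectory("perm-demo"); // constructed scratch directory

        // Existing file: created with default permissions, tightened afterwards.
        Path foo = Files.createFile(dir.resolve("foo"));
        show(foo);
        denyOthers(foo);
        show(foo);

        // New file: permissions are part of the create call, so the file is never
        // visible with looser bits (the umask can only clear bits further).
        FileAttribute<Set<PosixFilePermission>> attr =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-rw----"));
        Path secure = dir.resolve("securefile");
        try (SeekableByteChannel sbc =
                 Files.newByteChannel(secure, EnumSet.of(CREATE_NEW, READ, WRITE), attr)) {
            sbc.write(ByteBuffer.wrap(new byte[] {'o', 'k', '\n'}));
        }
        show(secure);
    }
}
```

Passing the permissions to the create call avoids the window that a create-then-chmod sequence leaves open, and CREATE_NEW makes the open fail if the name already exists.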

So that's a brief tour of PosixFileAttributeView. The other file attribute view in the specification that provides access to security related attributes is AclFileAttributeView. This provides access to Access Control Lists (ACLs) based on the NFSv4 ACL model. That will be interesting to those on file systems that support ACLs. When I get time I'll write up a few words on how this attribute view is used.

Comments:

Nicely done. Hope to see Java 7 as soon as possible.

Posted by ahmetaa on April 28, 2007 at 08:58 AM PDT #

I'm currently looking for a solution to access a multicast channel from NIO. Can I use this feature right now already - if so, where can I get the newest library for it? I looked at the Java 6 docs and the functionality isn't implemented there yet. Do you know another solution? Thanks for the fine work. Best regards, S.

Posted by S. on July 10, 2007 at 03:39 AM PDT #
