Bug 22370 - enhance <available> to test for owner, group and permissions - security feature
enhance <available> to test for owner, group and permissions - security feature
Status: NEW
Product: Ant
Classification: Unclassified
Component: Core tasks
1.5.3
All All
: P3 enhancement (vote)
: ---
Assigned To: Ant Notifications List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2003-08-13 05:53 UTC by Ralf Hauser
Modified: 2009-11-16 06:44 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf Hauser 2003-08-13 05:53:10 UTC
It would be great if the <available> tag could also be used to test for example
that a .ssh directory is only readable by its owner, a private key in a https
server installation is only readable by e.g. user "apache" or the "webapps"
group including also tomcat and mysql etc., the corresponding certificate only
writable by "apache", that certain scripts (setuid, etc.) are owned by root, etc.

or would you rather create an own task <permissions> for this?
Comment 1 Conor MacNeill 2003-08-13 06:00:57 UTC
Since most of these properties are operating system specific, it would not be
feasible to implement this in Java without some sort of external support. I'd
prefer not to do that in <available>

Since this is OS specific, why not do something using an OS specific script?
Comment 2 Ralf Hauser 2003-08-13 07:02:36 UTC
isn't your argument about scripts not the best reason to do it in ant:

Otherwise, everybody all over the world - with or without adequate scripting
skills - is forced to piece together a hand-knit kind-of-working script.
If it is done here - i) people can remain in the world they are familiar with
(Java/Ant), ii) it undergoes due community review, and iii) since Java is aware
of the os and arch, delicate intricacies can be caught while one might otherwise
copy an inadequate example script from a ill-specified google search?
Comment 3 Steve Loughran 2003-08-13 19:12:31 UTC
Well, how exactly are we going to do this in java? 
Comment 4 Ralf Hauser 2003-08-14 14:10:33 UTC
How to do this in Java - (not being a Java expert), it appears that the
neccesary classes do exist as per
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405 .

For the complement to this passive/get approach - see the suggestion for the
"set" approach in http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22417 .
Comment 5 Stefan Bodewig 2003-08-14 16:11:51 UTC
What Steve tried to say - there is no way to do what you want without either

(1) using native code

or

(2) parse the output of an external executable like "ls -l"

The later is not without precedent as we do something similar to access
environment variables.
Comment 6 Steve Loughran 2003-08-14 16:29:20 UTC
well, to be precise, I was implying without third party native code. I am sure
that java.io goes native at some point, it merely does so without providing any
access to any permission bits other than "readonly".

Comment 7 Ralf Hauser 2009-11-16 06:44:50 UTC
see also bug 23261