  1. Commons VFS
  2. VFS-818

SftpFileObject.isReadable may return false for user root


Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.9.0
    • None
    • None

    Description

      I got the following exception when trying to call org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)

      Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable.
          at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
          at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
          at Main.main(Main.java:<>)
      

      The problem seems to be located in the PosixPermissions check introduced with this commit:
      https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)

      See example code

      import static org.apache.commons.vfs2.util.RandomAccessMode.READ;
      
      import org.apache.commons.vfs2.FileObject;
      import org.apache.commons.vfs2.FileSystemManager;
      import org.apache.commons.vfs2.FileSystemOptions;
      import org.apache.commons.vfs2.RandomAccessContent;
      import org.apache.commons.vfs2.VFS;
      import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;
      
      public class Main{
      
        public static void main(String[] args) throws Exception {
          FileSystemManager fsManager = VFS.getManager();
          FileSystemOptions opts = new FileSystemOptions();
          SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no");
          SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
          String fileUri = "sftp://root:pw@host/var/log/myFile.log";
          // my file has following permissions:
          // root@host:/var/log# ls -lah myFile.log
          // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
          FileObject myFile = fsManager.resolveFile(fileUri, opts);
          RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ);
          System.out.println(randomAccessContent.length());
        }
      }
      

      As one can see, user tomcat can read and group tomcat can read, but not everyone is allowed to read. In my case I authenticated with user root (uid=0, gid=0).
      In that case https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 creates PosixPermissions with the hints not owner, not in group. The method org.apache.commons.vfs2.util.PosixPermissions.isReadable() will then just check if anyone (/other) is able to read the file, which is not granted (mask is 0640).

      I guess there should be an extra check for root which is always granted access.
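
      A self-contained model of the check described in this report, as an added example that is not part of the original report or of the Commons VFS code base. It evaluates mode 0640 for three sessions, with and without a uid 0 override; the class and method names and the uid/gid 998 standing in for tomcat are constructed for illustration.

```java
public class PosixReadCheckDemo {

    // POSIX read bits (Java octal literals).
    static final int OWNER_READ = 0400;
    static final int GROUP_READ = 0040;
    static final int OTHER_READ = 0004;

    /** Check as described in the report: the first matching class (owner, group, other) decides. */
    static boolean isReadable(int mode, boolean isOwner, boolean isInGroup) {
        if (isOwner) {
            return (mode & OWNER_READ) != 0;
        }
        if (isInGroup) {
            return (mode & GROUP_READ) != 0;
        }
        return (mode & OTHER_READ) != 0;
    }

    /**
     * Same check with the extra rule the reporter suggests: uid 0 is not subject to
     * discretionary read checks on a POSIX server, so the mode bits are skipped for it.
     * This is only a client-side prediction; the SFTP server makes the real decision.
     */
    static boolean isReadableWithRootRule(int mode, int fileUid, int fileGid,
                                          int sessionUid, int sessionGid) {
        if (sessionUid == 0) {
            return true;
        }
        return isReadable(mode, sessionUid == fileUid, sessionGid == fileGid);
    }

    public static void main(String[] args) {
        int mode = 0640;               // -rw-r----- as in the report
        int fileUid = 998;             // constructed uid for tomcat
        int fileGid = 998;             // constructed gid for tomcat
        int[][] sessions = { {0, 0}, {998, 998}, {1000, 1000} }; // root, tomcat, unrelated user

        for (int[] s : sessions) {
            boolean current = isReadable(mode, s[0] == fileUid, s[1] == fileGid);
            boolean withRule = isReadableWithRootRule(mode, fileUid, fileGid, s[0], s[1]);
            System.out.printf("uid=%d gid=%d  hints-only=%b  with-root-rule=%b%n",
                    s[0], s[1], current, withRule);
        }
    }
}
```

      For uid 0 the hints-only check returns false while the variant with the root rule returns true; the tomcat session is readable and the unrelated user is not readable under both.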

          People

            Unassigned Unassigned
            cnuessgens Christian Nüssgens
