Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.9.0
-
None
-
None
Description
I got the following exception when trying to call org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)
Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable. at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340) at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373) at Main.main(Main.java:<>)
The problem seems to be located in the PosixPermissions check introduced with this commit:
https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)
See example code
import static org.apache.commons.vfs2.util.RandomAccessMode.READ; import org.apache.commons.vfs2.FileObject; import org.apache.commons.vfs2.FileSystemManager; import org.apache.commons.vfs2.FileSystemOptions; import org.apache.commons.vfs2.RandomAccessContent; import org.apache.commons.vfs2.VFS; import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder; public class Main{ public static void main(String[] args) throws Exception { FileSystemManager fsManager = VFS.getManager(); FileSystemOptions opts = new FileSystemOptions(); SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no"); SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false); String fileUri = "sftp://root:pw@host/var/log/myFile.log"; // my file has following permissions: // root@host:/var/log# ls -lah myFile.log // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log FileObject myFile = fsManager.resolveFile(fileUri, opts); RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ); System.out.println(randomAccessContent.length()); } }
As one can see user tomcat can read, group tomcat can read. But not everyone is allowed to read. In my case i authenticated with user root (uid=0, gid=0).
In that case https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 creates PosixPermissions with the hints not owner, not in group. The method org.apache.commons.vfs2.util.PosixPermissions.isReadable() will than just check if anyone (/other) is able to read the file, which is not granted (mask is 0640)
I guess there should be an extra check for root which is always granted access.
Attachments
Attachments
Issue Links
- links to