Uploaded image for project: 'Commons VFS'
  1. Commons VFS
  2. VFS-818

SftpFileObject.isReadable may return false for user root

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.9.0
    • None
    • None

    Description

      I got the following exception when trying to call org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)

      Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable.
    at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
    at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
    at Main.main(Main.java:<>)

      The problem seems to be located in the PosixPermissions check introduced with this commit:
      https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)

      See example code

      import static org.apache.commons.vfs2.util.RandomAccessMode.READ;

import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.FileSystemManager;
import org.apache.commons.vfs2.FileSystemOptions;
import org.apache.commons.vfs2.RandomAccessContent;
import org.apache.commons.vfs2.VFS;
import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;

public class Main{

  public static void main(String[] args) throws Exception {
    FileSystemManager fsManager = VFS.getManager();
    FileSystemOptions opts = new FileSystemOptions();
    SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no");
    SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
    String fileUri = "sftp://root:pw@host/var/log/myFile.log";
    // my file has following permissions:
    // root@host:/var/log# ls -lah myFile.log
    // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
    FileObject myFile = fsManager.resolveFile(fileUri, opts);
    RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ);
    System.out.println(randomAccessContent.length());
  }
}

      As one can see user tomcat can read, group tomcat can read. But not everyone is allowed to read. In my case i authenticated with user root (uid=0, gid=0).
      In that case https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 creates PosixPermissions with the hints not owner, not in group. The method org.apache.commons.vfs2.util.PosixPermissions.isReadable() will than just check if anyone (/other) is able to read the file, which is not granted (mask is 0640)

      I guess there should be an extra check for root which is always granted access.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #257

          Activity

            People

              Unassigned Unassigned
              cnuessgens Christian Nüssgens
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: