[ https://issues.apache.org/jira/browse/VFS-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Nüssgens updated VFS-818: ----------------------------------- Description: I got the following exception when trying to call {{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}} {noformat} Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable. at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340) at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373) at Main.main(Main.java:<>) {noformat} The problem seems to be located in the PosixPermissions check introduced with this commit: https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405) See example code {code:java} import static org.apache.commons.vfs2.util.RandomAccessMode.READ; import org.apache.commons.vfs2.FileObject; import org.apache.commons.vfs2.FileSystemManager; import org.apache.commons.vfs2.FileSystemOptions; import org.apache.commons.vfs2.RandomAccessContent; import org.apache.commons.vfs2.VFS; import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder; public class Main{ public static void main(String[] args) throws Exception { FileSystemManager fsManager = VFS.getManager(); FileSystemOptions opts = new FileSystemOptions(); SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no"); SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false); String fileUri = "sftp://root:pw@host/var/log/myFile.log"; // my file has following permissions: // root@host:/var/log# ls -lah myFile.log // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log FileObject myFile = fsManager.resolveFile(fileUri, opts); RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ); System.out.println(randomAccessContent.length()); } } {code} As one can see user tomcat can read, group tomcat can read. But not _everyone_ is allowed to read. In my case i authenticated with user {{root}} ({{uid=0, gid=0}}). In that case https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 creates PosixPermissions with the _hints_ not owner, not in group. The method {{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will than just check if _anyone_ (/other) is able to read the file, which is not granted (mask is {{0640}}) I guess there should be an extra check for {{root}} which is always granted access. was: I got the following exception when trying to call {{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}} {noformat} Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable. at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340) at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373) at Main.main(Main.java:<>) {noformat} The problem seems to be located in the PosixPermissions check introduced with this commit: https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405) See example code {code:java} import static org.apache.commons.vfs2.util.RandomAccessMode.READ; import org.apache.commons.vfs2.FileObject; import org.apache.commons.vfs2.FileSystemManager; import org.apache.commons.vfs2.FileSystemOptions; import org.apache.commons.vfs2.RandomAccessContent; import org.apache.commons.vfs2.VFS; import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder; public class Main{ public static void main(String[] args) throws Exception { FileSystemManager fsManager = VFS.getManager(); FileSystemOptions opts = new FileSystemOptions(); SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no"); SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false); String fileUri = "sftp://root:pw@host/var/log/myFile.log"; // my file has following permissions: // root@host:/var/log# ls -lah myFile.log // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log FileObject myFile = fsManager.resolveFile(fileUri, opts); RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ); System.out.println(randomAccessContent.length()); } } {code} As one can see user tomcat can read, group tomcat can read. But not _everyone_ is allowed to read. In my case i authenticated with user {{root}} ({{uid=0, gid=0}}). In that case https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 creates PosixPermissions with the _hints_ not owner, not in group. The method {{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will than just check if _anyone_ (/other) is able to read the file, which is not granted (mask is {{640}}) I guess there should be an extra check for {{root}} which is always granted access. > SftpFileObject.isReadable may return false for user root > -------------------------------------------------------- > > Key: VFS-818 > URL: https://issues.apache.org/jira/browse/VFS-818 > Project: Commons VFS > Issue Type: Bug > Affects Versions: 2.9.0 > Reporter: Christian Nüssgens > Priority: Minor > > I got the following exception when trying to call > {{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}} > {noformat} > Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File > "sftp://root:***@host/var/log/myFile.log" is not readable. > at > org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340) > at > org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373) > at Main.main(Main.java:<>) > {noformat} > The problem seems to be located in the PosixPermissions check introduced with > this commit: > https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 > (VFS-405) > See example code > {code:java} > import static org.apache.commons.vfs2.util.RandomAccessMode.READ; > import org.apache.commons.vfs2.FileObject; > import org.apache.commons.vfs2.FileSystemManager; > import org.apache.commons.vfs2.FileSystemOptions; > import org.apache.commons.vfs2.RandomAccessContent; > import org.apache.commons.vfs2.VFS; > import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder; > public class Main{ > public static void main(String[] args) throws Exception { > FileSystemManager fsManager = VFS.getManager(); > FileSystemOptions opts = new FileSystemOptions(); > SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, > "no"); > SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false); > String fileUri = "sftp://root:pw@host/var/log/myFile.log"; > // my file has following permissions: > // root@host:/var/log# ls -lah myFile.log > // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log > FileObject myFile = fsManager.resolveFile(fileUri, opts); > RandomAccessContent randomAccessContent = > myFile.getContent().getRandomAccessContent(READ); > System.out.println(randomAccessContent.length()); > } > } > {code} > As one can see user tomcat can read, group tomcat can read. But not > _everyone_ is allowed to read. In my case i authenticated with user {{root}} > ({{uid=0, gid=0}}). > In that case > https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476 > creates PosixPermissions with the _hints_ not owner, not in group. The > method {{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will > than just check if _anyone_ (/other) is able to read the file, which is not > granted (mask is {{0640}}) > I guess there should be an extra check for {{root}} which is always granted > access. -- This message was sent by Atlassian Jira (v8.20.7#820007)