[ https://issues.apache.org/jira/browse/VFS-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Nüssgens updated VFS-818:
-----------------------------------
    Description: 
I got the following exception when trying to call 
{{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}}
{noformat}
Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable.
    at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
    at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
    at Main.main(Main.java:<>)
{noformat}

The problem seems to be located in the PosixPermissions check introduced with 
this commit:
https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)


See example code
{code:java}
import static org.apache.commons.vfs2.util.RandomAccessMode.READ;

import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.FileSystemManager;
import org.apache.commons.vfs2.FileSystemOptions;
import org.apache.commons.vfs2.RandomAccessContent;
import org.apache.commons.vfs2.VFS;
import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;

public class Main{

  public static void main(String[] args) throws Exception {
    FileSystemManager fsManager = VFS.getManager();
    FileSystemOptions opts = new FileSystemOptions();
    SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no");
    SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
    String fileUri = "sftp://root:pw@host/var/log/myFile.log";
    // my file has following permissions:
    // root@host:/var/log# ls -lah myFile.log
    // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
    FileObject myFile = fsManager.resolveFile(fileUri, opts);
    RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ);
    System.out.println(randomAccessContent.length());
  }
}
{code}

As one can see, user tomcat can read, group tomcat can read. But not _everyone_ 
is allowed to read. In my case I authenticated with user {{root}} ({{uid=0, gid=0}}).
In that case 
https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476
creates PosixPermissions with the _hints_ not owner, not in group. The method 
{{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will then just 
check if _anyone_ (/other) is able to read the file, which is not granted (mask 
is {{0640}}).


I guess there should be an extra check for {{root}} which is always granted 
access.

  was:
I got the following exception when trying to call 
{{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}}
{noformat}
Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable.
    at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
    at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
    at Main.main(Main.java:<>)
{noformat}

The problem seems to be located in the PosixPermissions check introduced with 
this commit:
https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)


See example code
{code:java}
import static org.apache.commons.vfs2.util.RandomAccessMode.READ;

import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.FileSystemManager;
import org.apache.commons.vfs2.FileSystemOptions;
import org.apache.commons.vfs2.RandomAccessContent;
import org.apache.commons.vfs2.VFS;
import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;

public class Main{

  public static void main(String[] args) throws Exception {
    FileSystemManager fsManager = VFS.getManager();
    FileSystemOptions opts = new FileSystemOptions();
    SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no");
    SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
    String fileUri = "sftp://root:pw@host/var/log/myFile.log";
    // my file has following permissions:
    // root@host:/var/log# ls -lah myFile.log
    // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
    FileObject myFile = fsManager.resolveFile(fileUri, opts);
    RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ);
    System.out.println(randomAccessContent.length());
  }
}
{code}

As one can see, user tomcat can read, group tomcat can read. But not _everyone_ 
is allowed to read. In my case I authenticated with user {{root}} ({{uid=0, gid=0}}).
In that case 
https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476
creates PosixPermissions with the _hints_ not owner, not in group. The method 
{{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will then just 
check if _anyone_ (/other) is able to read the file, which is not granted (mask 
is {{640}}).


I guess there should be an extra check for {{root}} which is always granted 
access.


> SftpFileObject.isReadable may return false for user root
> --------------------------------------------------------
>
>                 Key: VFS-818
>                 URL: https://issues.apache.org/jira/browse/VFS-818
>             Project: Commons VFS
>          Issue Type: Bug
>    Affects Versions: 2.9.0
>            Reporter: Christian Nüssgens
>            Priority: Minor
>
> I got the following exception when trying to call 
> {{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}}
> {noformat}
> Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File "sftp://root:***@host/var/log/myFile.log" is not readable.
>     at org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
>     at org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
>     at Main.main(Main.java:<>)
> {noformat}
> The problem seems to be located in the PosixPermissions check introduced with 
> this commit:
> https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911 (VFS-405)
> See example code
> {code:java}
> import static org.apache.commons.vfs2.util.RandomAccessMode.READ;
> import org.apache.commons.vfs2.FileObject;
> import org.apache.commons.vfs2.FileSystemManager;
> import org.apache.commons.vfs2.FileSystemOptions;
> import org.apache.commons.vfs2.RandomAccessContent;
> import org.apache.commons.vfs2.VFS;
> import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;
> public class Main{
>   public static void main(String[] args) throws Exception {
>     FileSystemManager fsManager = VFS.getManager();
>     FileSystemOptions opts = new FileSystemOptions();
>     SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts, "no");
>     SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
>     String fileUri = "sftp://root:pw@host/var/log/myFile.log";
>     // my file has following permissions:
>     // root@host:/var/log# ls -lah myFile.log
>     // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
>     FileObject myFile = fsManager.resolveFile(fileUri, opts);
>     RandomAccessContent randomAccessContent = myFile.getContent().getRandomAccessContent(READ);
>     System.out.println(randomAccessContent.length());
>   }
> }
> {code}
> As one can see, user tomcat can read, group tomcat can read. But not 
> _everyone_ is allowed to read. In my case I authenticated with user {{root}} 
> ({{uid=0, gid=0}}).
> In that case 
> https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476
> creates PosixPermissions with the _hints_ not owner, not in group. The 
> method {{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will 
> then just check if _anyone_ (/other) is able to read the file, which is not 
> granted (mask is {{0640}}).
> I guess there should be an extra check for {{root}} which is always granted 
> access.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
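
The check described in the report, as an added stand-alone model (not part of the original message and not the Commons VFS source): it shows why mode 0640 reads as "not readable" for a uid 0 session, and what the proposed root case changes. The class and method names and the uid values 1001 and 2000 are assumptions made for the illustration.

```java
// Added illustration: a stand-alone model of the check described in the
// report, not the Commons VFS source. All names here are hypothetical.
public class PosixReadCheckDemo {

    // Standard POSIX read bits (Java octal literals).
    static final int OWNER_READ = 0400;
    static final int GROUP_READ = 0040;
    static final int OTHER_READ = 0004;

    /** Mode-bit check as the report describes it: exactly one class applies. */
    static boolean isReadable(int mode, boolean isOwner, boolean isInGroup) {
        if (isOwner) {
            return (mode & OWNER_READ) != 0;
        }
        if (isInGroup) {
            return (mode & GROUP_READ) != 0;
        }
        return (mode & OTHER_READ) != 0;
    }

    /** Same check with the extra uid 0 case the reporter proposes. */
    static boolean isReadableRootAware(int mode, int sessionUid, int fileUid,
                                       boolean isInGroup) {
        if (sessionUid == 0) {
            // uid 0 is normally not bound by the read bits on a POSIX server.
            return true;
        }
        return isReadable(mode, sessionUid == fileUid, isInGroup);
    }

    public static void main(String[] args) {
        int mode = 0640;       // -rw-r----- from the report
        int tomcatUid = 1001;  // constructed: the report does not give tomcat's uid
        int rootUid = 0;       // uid=0 from the report

        // root is not the owner and, per the hints, not in the group,
        // so the plain check falls through to the "other" bits.
        System.out.println("root, plain check:      "
                + isReadable(mode, rootUid == tomcatUid, false));
        System.out.println("root, root-aware check: "
                + isReadableRootAware(mode, rootUid, tomcatUid, false));
        System.out.println("tomcat (owner):         "
                + isReadableRootAware(mode, tomcatUid, tomcatUid, true));
        System.out.println("uid 2000, not in group: "
                + isReadableRootAware(mode, 2000, tomcatUid, false));
    }
}
```

Mode bits alone cannot express ACLs or mandatory access control, so a client-side result like this is a hint and the server's response to the open request is authoritative.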
