Piotr Karwasz created IO-880:
--------------------------------
Summary: `FileUtils.deleteDirectory` incorrectly overrides
permissions on POSIX systems
Key: IO-880
URL: https://issues.apache.org/jira/browse/IO-880
Project: Commons IO
Issue Type: Bug
Reporter: Piotr Karwasz
{{FileUtils.deleteDirectory}} incorrectly overrides permissions on POSIX
systems.
*Expected behavior*
Based on {{FileUtilsDeleteDirectoryLinuxTest}}, the
{{FileUtils.deleteDirectory}} method should *not* change file or directory
permissions.
If a file resides in a non-writable directory, the deletion should fail.
*Actual behavior*
The implementation recursively calls {{setReadOnly}}, which also modifies the
parent directory's permissions.
As a result, files inside non-writable directories can still be deleted,
effectively overriding permissions.
*Why the tests currently pass*
This bug is masked by IO-878: on most modern Linux filesystems, {{setReadOnly}}
is a no-op.
Because of this, tests pass even though the underlying logic is incorrect.
*Impact*
The method violates the principle of not altering user permissions during
recursive deletion.
On filesystems where {{setReadOnly}} is effective, it could unintentionally
relax directory permissions and allow deletions that should fail.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
