[ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13093190#comment-13093190 ]
Kathey Marsden commented on DERBY-5363:
---------------------------------------
Yes, I think messy is the operative word. I can't say I've read and
understood all you have written, but I know I wouldn't want to have to try to
explain it to someone else #:)
I have been thinking that umask is sort of the standard way to control file
permissions on created files. Do other database products try to control this?
I don't know that we are adding a lot of value by trying to control the
permissions ourselves. Might it be possible to just print a warning on network
server startup if databases will be created readable/writable to others and
suggest adjusting the umask to be more restrictive if desired? Are the default
permissions something that we can determine at runtime?
> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
> Key: DERBY-5363
> URL: https://issues.apache.org/jira/browse/DERBY-5363
> Project: Derby
> Issue Type: Improvement
> Reporter: Dag H. Wanvik
> Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat,
> permission-5.diff, permission-5.stat, permission-6.diff, permission-6.stat,
> z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allow tightening this up
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
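
The two approaches discussed in this thread, as an added example that is not code from Derby or from the patches attached to the issue: probing at runtime which permissions the umask leaves on newly created files so a startup warning can be printed, and tightening a file to owner-only with the Java 6 `File` setters. The class name, method names and the directory argument (standing in for the database home) are assumptions, and the probe relies on the Java 7 `java.nio.file` API.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.EnumSet;
import java.util.Set;

public class DefaultPermissionProbe {   // hypothetical name, not a Derby class
    // Bits that make a file visible to anyone other than the owning OS user.
    private static final EnumSet<PosixFilePermission> NON_OWNER = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
        PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    // Create a scratch file the way plain java.io does (subject to the umask) and
    // report which non-owner bits survived. Files.createTempFile is avoided
    // because it applies owner-only permissions by itself.
    static Set<PosixFilePermission> exposedDefaults(Path dir) throws IOException {
        File probe = new File(dir.toFile(), "perm-probe-" + System.nanoTime() + ".tmp");
        if (!probe.createNewFile()) throw new IOException("probe exists: " + probe);
        try {
            EnumSet<PosixFilePermission> exposed = EnumSet.copyOf(NON_OWNER);
            exposed.retainAll(Files.getPosixFilePermissions(probe.toPath()));
            return exposed;
        } catch (UnsupportedOperationException e) {
            return EnumSet.noneOf(PosixFilePermission.class); // no POSIX view, e.g. Windows
        } finally {
            probe.delete();
        }
    }

    // Java 6 API: clear each bit for everyone, then grant it back to the owner only.
    // A false result means the platform or file system could not apply a change.
    static boolean restrictToOwner(File f) {
        boolean ok = f.setReadable(false, false) & f.setReadable(true, true);
        ok &= f.setWritable(false, false) & f.setWritable(true, true);
        ok &= f.setExecutable(false, false) & (!f.isDirectory() || f.setExecutable(true, true));
        return ok;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Paths.get(args.length > 0 ? args[0] : "."); // assumed database home
        Set<PosixFilePermission> exposed = exposedDefaults(dir);
        if (!exposed.isEmpty()) {
            System.err.println("WARNING: files created in " + dir.toAbsolutePath() + " get mode bits "
                + PosixFilePermissions.toString(exposed) + " for group/others; consider umask 0077.");
        }
    }
}
```

The probe only reflects the umask of the running JVM and the file system backing the given directory, so the check has to run in the same process and against the same location where the database files will be created.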