smolnar82 commented on issue #68: KNOX-1814 - Moving conf/data folder checking to Java layer from bash URL: https://github.com/apache/knox/pull/68#issuecomment-471547971 > Thanks for the PR @smolnar82 ! couple of things that I think would be good to have: > > 1. In this patch we are checking whether the folder is readable and writable, can we make sure that the permissions are not world readable (which is the case currently), this would be really great to have, something like PosixFilePermissions, this would help with KNOX-1432 > `final Set<PosixFilePermission> permissions = new HashSet<>(); permissions.add(PosixFilePermission.OWNER_READ); permissions.add(PosixFilePermission.OWNER_WRITE); // not sure if we need this //permissions.add(PosixFilePermission.OWNER_EXECUTE); Files.setPosixFilePermissions(file.toPath(), permissions);` The goal of this PR is pure read/write check; I believe it's not a good idea to set any permissions on these directories from the code itself. > 2. Also, would be nice to have just one function check for read and write, perhaps use a boolean flag to check if you strictly want to check for one over the other. Will see what can be merged/overloaded (still applying clean-code rules)
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
