[
https://issues.apache.org/jira/browse/VFS-818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524780#comment-17524780
]
Christian Nüssgens commented on VFS-818:
----------------------------------------
I think we should only change the behaviour of SftpFileObject (not for all
implementations via AbstractFileObject)
Furthermore the isReadable mehtod did check if the file "exists" and
(currently) does check if the user has read-permission.
I think the exists check could remain (to fail-fast)
> SftpFileObject.isReadable may return false for user root
> --------------------------------------------------------
>
> Key: VFS-818
> URL: https://issues.apache.org/jira/browse/VFS-818
> Project: Commons VFS
> Issue Type: Bug
> Affects Versions: 2.9.0
> Reporter: Christian Nüssgens
> Priority: Minor
>
> I got the following exception when trying to call
> {{org.apache.commons.vfs2.FileContent.getRandomAccessContent(READ)}}
> {noformat}
> Exception in thread "main" org.apache.commons.vfs2.FileSystemException: File
> "sftp://root:***@host/var/log/myFile.log"; is not readable.
> at
> org.apache.commons.vfs2.provider.AbstractFileObject.getRandomAccessContent(AbstractFileObject.java:1340)
> at
> org.apache.commons.vfs2.provider.DefaultFileContent.getRandomAccessContent(DefaultFileContent.java:373)
> at Main.main(Main.java:<>)
> {noformat}
> The problem seems to be located in the PosixPermissions check introduced with
> this commit:
> https://github.com/apache/commons-vfs/commit/3b73cc3a9bba6c25520d20f83d7f68f69e2ba911
> (VFS-405)
> See example code
> {code:java}
> import static org.apache.commons.vfs2.util.RandomAccessMode.READ;
> import org.apache.commons.vfs2.FileObject;
> import org.apache.commons.vfs2.FileSystemManager;
> import org.apache.commons.vfs2.FileSystemOptions;
> import org.apache.commons.vfs2.RandomAccessContent;
> import org.apache.commons.vfs2.VFS;
> import org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder;
> public class Main{
> public static void main(String[] args) throws Exception {
> FileSystemManager fsManager = VFS.getManager();
> FileSystemOptions opts = new FileSystemOptions();
> SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(opts,
> "no");
> SftpFileSystemConfigBuilder.getInstance().setUserDirIsRoot(opts, false);
> String fileUri = "sftp://root:pw@host/var/log/myFile.log";;
> // my file has following permissions:
> // root@host:/var/log# ls -lah myFile.log
> // -rw-r----- 1 tomcat tomcat 8.5M Apr 19 15:02 myFile.log
> FileObject myFile = fsManager.resolveFile(fileUri, opts);
> RandomAccessContent randomAccessContent =
> myFile.getContent().getRandomAccessContent(READ);
> System.out.println(randomAccessContent.length());
> }
> }
> {code}
> As one can see user tomcat can read, group tomcat can read. But not
> _everyone_ is allowed to read. In my case i authenticated with user {{root}}
> ({{uid=0, gid=0}}).
> In that case
> https://github.com/apache/commons-vfs/blob/master/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/sftp/SftpFileObject.java#L456-L476
> creates PosixPermissions with the _hints_ not owner, not in group. The
> method {{org.apache.commons.vfs2.util.PosixPermissions.isReadable()}} will
> than just check if _anyone_ (/other) is able to read the file, which is not
> granted (mask is {{0640}})
> I guess there should be an extra check for {{root}} which is always granted
> access.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
