1

Question: I'm looking for a way to configure Java to create new files with a particular permission set by default.

Problem: I have a Spring Boot app which uses the following:

  • Log4J2 for logging
  • H2 for flat file databases
  • Ehcache for cached entities

All of these libraries create new files on the local file system, and when they do, they produce world-writeable files (666 for files and 777 for directories). I have seen this on macOS 10.13 (user has "umask 0022") and on Amazon Linux (user has "umask 0002").

If I were directly managing the creation of the files, I could do what I need with PosixFilePermission, but since file creation is delegated to the libraries, I don't have that opportunity. I could potentially set a timer to discover new files and set the permissions directly, but I'm not wild about that approach.

Log4J2 v2.9 added a filePermissions field to RollingFileAppender, so I have hope for one of my problems, but I'm not able to find something similar for H2 or Ehcache. Ideally, I'd like to do this at the JVM/Boot level for simplicity and future-proofing.

chaserb

2 Answers

1

Here's a topic of Tomcat and umask. Seems Tomcat has its own behavior dealing with umask.

So maybe there is a way to configure the 'umask behavior' of Tomcat embedded in Spring Boot? Like properties or something.

I cannot pretend this is an answer, but sadly I don't have enough reputation to comment on your question. Hope this helps you a little.

John
  • Thanks for the idea. Downloaded the source for Tomcat to see what they are doing with the UMASK environment variable. catalina.sh passes the value to the umask OS command, and then optionally passes it to org.apache.catalina.security.SecurityListener as a system property. SecurityListener.java simply checks that the value is greater than some minimum at bootup. Nothing in the Java appears to "act" upon the information. Seems I should be able to depend on the OS umask as well, but all the files I create contradict what the umask dictates. – chaserb Mar 16 '18 at 15:12
0

Turns out this is a red herring. The issue is not with Java, it's with the YAJSW service wrapper that launches the Java process. YAJSW has several parameters for setting umask, including on the child process, but they are not implemented yet. Launching the app outside of YAJSW produces files that obey the user's umask.

chaserb
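
To check for the situation described in the answer above (a launcher starting the JVM with a permissive umask), the following added example, which is not part of the original posts, reads a running process's umask, shows the mode a file requested as 0666 ends up with under a given umask, and lists world-writable files under a directory. The function names are hypothetical, and `proc_umask` assumes Linux 4.7 or later, where `/proc/<pid>/status` has a `Umask:` field.

```shell
#!/bin/sh
# Added example: helpers for diagnosing world-writable files produced by a
# process whose launcher (not the login shell) decided its umask.

# Print the umask of a running process, e.g. the JVM started by a wrapper.
# Assumes Linux >= 4.7; prints nothing if the field is unavailable.
proc_umask() {
    awk '$1 == "Umask:" { print $2 }' "/proc/$1/status" 2>/dev/null
}

# Create a file the way most libraries do (requested mode 0666) under the
# given umask and print the resulting permission bits, e.g. 644 or 666.
probe_mode() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" ) || { rm -rf "$dir"; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    stat -c %a "$dir/probe" 2>/dev/null || stat -f %Lp "$dir/probe"
    rm -rf "$dir"
}

# List regular files and directories under $1 that anyone can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Typical use (paths and PID are placeholders):
#   proc_umask <java-pid>            # 0000 points at the launcher
#   probe_mode 000                   # 666: what the question observed
#   probe_mode 022                   # 644: what the user's umask implies
#   find_world_writable /path/to/app/data
```

Comparing `proc_umask` for the JVM started by the service wrapper with the same JVM started from a shell separates a launcher problem from a library problem.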