Setting files (or directories) permissions should be done with an abundance of caution, to limit as far as possible who can execute, write to and read each file. An unexpected user having access to the server where these files are stored could intentionally or not:
r--
permission) -w-
permission) --x
permission) This rule is triggered when read, write or execute permissions are given to "others" class according to the POSIX standard.
The most restrictive possible permissions should be assigned to files or directories.
public void setPermissions(String filePath) { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions perms.add(PosixFilePermission.OTHERS_READ); // Sensitive perms.add(PosixFilePermission.OTHERS_WRITE); // Sensitive perms.add(PosixFilePermission.OTHERS_EXECUTE); // Sensitive Files.setPosixFilePermissions(Paths.get(filePath), perms); }
public void setPermissionsUsingRuntimeExec(String filePath) { Runtime.getRuntime().exec("chmod 777 file.json"); // Sensitive }
public void setOthersPermissionsHardCoded(String filePath ) { Files.setPosixFilePermissions(Paths.get(filePath), PosixFilePermissions.fromString("rwxrwxrwx")); // Sensitive }
On operating systems that implement POSIX standard. This will throw a UnsupportedOperationException
on Windows.
public void setPermissionsSafe(String filePath) throws IOException { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions removed perms.remove(PosixFilePermission.OTHERS_READ); // Compliant perms.remove(PosixFilePermission.OTHERS_WRITE); // Compliant perms.remove(PosixFilePermission.OTHERS_EXECUTE); // Compliant Files.setPosixFilePermissions(Paths.get(filePath), perms); }