In Unix, "others
" class refers to all users except the owner of the file and the members of the group assigned to this file.
Granting permissions to this group can lead to unauthorized access to files.
There is a risk if you answered yes to any of those questions.
The most restrictive possible permissions should be assigned to files and directories.
public void setPermissions(String filePath) { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions perms.add(PosixFilePermission.OTHERS_READ); // Sensitive perms.add(PosixFilePermission.OTHERS_WRITE); // Sensitive perms.add(PosixFilePermission.OTHERS_EXECUTE); // Sensitive Files.setPosixFilePermissions(Paths.get(filePath), perms); }
public void setPermissionsUsingRuntimeExec(String filePath) { Runtime.getRuntime().exec("chmod 777 file.json"); // Sensitive }
public void setOthersPermissionsHardCoded(String filePath ) { Files.setPosixFilePermissions(Paths.get(filePath), PosixFilePermissions.fromString("rwxrwxrwx")); // Sensitive }
On operating systems that implement POSIX standard. This will throw a UnsupportedOperationException
on Windows.
public void setPermissionsSafe(String filePath) throws IOException { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions removed perms.remove(PosixFilePermission.OTHERS_READ); // Compliant perms.remove(PosixFilePermission.OTHERS_WRITE); // Compliant perms.remove(PosixFilePermission.OTHERS_EXECUTE); // Compliant Files.setPosixFilePermissions(Paths.get(filePath), perms); }