Java cant access Files In NFS Share

Question

Some strange behavior in Java app JBOSS (technology not relevant..)

application can access files, only OWNED by user, which runs process. Group is not used.

-rwxrwxrwx. 1 root GroupUnix1 448 Jun 4 06:26 output_new.txt

id uid=401322(MySuperUser) gid=401322(MySuperGroup) >groups=401322(MySuperGroup),7013595(GroupUnix1 ) >context=unconfined_u:system_r:openshift_t:s0:c528,c834

getenforce Permissive From first view looks like Java does not care about file level permissions. Only ownership.

ls -la -rw------- 1 MySuperUser GroupUnix1 308 Jun 3 14:15 output_new.txt <-access ok

Any ideas how to access file in Java, which is owned by Group and not user? I run in MultiUser environment.

----rw---- 1 MySuperUser GroupUnix1 308 Jun 3 14:15 output_new.txt access ok ? WHY?

---------- 1 MySuperUser GroupUnix1 308 Jun 3 14:15 output_new.txt access ok ? WHY?

----rw---- 1 root GroupUnix1 364 Jun 3 14:16 output_new.txt no access ? WHY?

Error from JBOSS. But basically i get access restricted.

Error: java.nio.file.FileSystemException: /mnt/SuperFolder/share1/outbound/output_new.txt: Operation not permitted sun.nio.fs.UnixException.translateToIOException(UnixException.java:91) sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:228) sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:250) java.nio.file.Files.setPosixFilePermissions(Files.java:1992) com.company.soft.eap.test.nfs.ReadFile.doGet(ReadFile.java:85) javax.servlet.http.HttpServlet.service(HttpServlet.java:734) javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

CODE i try:

String path = "/mnt/SuperFolder/share1/outbound/output_new.txt";
// (use relative path for Unix systems)
File f = new File(path);
// (works for both Windows and Linux)
f.getParentFile().mkdirs();
f.createNewFile();
FileWriter fstream = new FileWriter(path, true);
BufferedWriter outt = new BufferedWriter(fstream);
outt.write(" something \n ");
outt.newLine();
// close buffer writer
outt.close();

So if file has 070 it cant write, edit as a group.

UPDATE: writing happens to NFS share. outside NFS this behaves as expected. But inside share - Crashes.

Answer 1

Your issue is not Java related, it is unix related.

First, a file is owned by a user, not a group.

Secondly, you have to understand unix file permissions precedence. The system first check the user permissions, then the group permissions and finally the others permissions.

For example, given this file :

----rwx--- bob wailers test.txt

1. IF you are user "bob", you CAN'T read, write or execute it
2. ELSE IF if you are in group "wailers", you CAN read, write or execute it
3. ELSE you CAN'T read, write or execute it

So, if you are user "bob", even if you are in the group "wailers" :

1. the first condition is true (you are bob) and permissions apply : you CAN'T access the file.

But if you are user "peter" and you are in the group "wailers" :

1. the first condition is false (you are not bob) -> permissions don't apply,
2. the second condition is true (you are in the wailers) -> permissions apply : you CAN access the file.

Answer 2

You'll either need to:

1. Start the jboss process using a user/account which has read/write permissions to the files (possibly using sudo)
2. Change the access rights on the files/directories such that the jboss process's user has read/write permissions to the files (see chmod)

Answer 3

This is a fairly old question, but I ran across a similar issue and finally figured out the issue and I didn't see any SO posts that documented the issue that I was experiencing.

In my case, I was using Apache Commons FileUtils method that preserves date information, and I believe that preserving date information to be the cause of the specific exception "Operation Not Permitted". In other cases, where the file/directory permissions are insufficient I tend to see "Access Denied" exceptions from Java.

Debugging further, I found that with the filesystem I was dealing with (NFS or CIFS I believe) that if I used cp -p to copy files I would get the same "Operation not permitted" reported by the OS. According to the man page: -p same as --preserve=mode,ownership,timestamps so it will try to preserve timestamps. In my case my user had group access to the files, but the owner was a different user (root). I read on another forum: https://serverfault.com/a/680045

On Unix the timestamps cannot be preserved on the files the user does not own.

So even though my user had group permissions to read the file/directory, the command would fail because of the inability to preserve timestamps.

The solution was to change the ownership of the files to match the user that was trying to perform the copy with preserving timestamps.

An alternative approach might be to use a different Java copy method that doesn't attempt to preserve timestamps, but I didn't actually try this.