Fix issue 3047: export-ldif : default access rights of exported file must b...

matthew_swift

22.50.2009 27f02d3186fa08f537bad0c87a8e4a31b01cec69

Fix issue 3047: export-ldif : default access rights of exported file must be 600 not 644

Newly created LDIF files created during an export now have 0600 permissions. If the file is pre-existing (append / overwrite mode only) we assume that the user wants to keep the existing permissions and so no changes are made.

 opends/src/messages/messages/utility.properties

@@ -616,3 +616,5 @@
SEVERE_ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED_298=Certificate signing \
request generation is not supported on JVM supplied by this vendor: %s
INFO_ARGPARSER_USAGE_DEFAULT_VALUE_299=Default value: %s
SEVERE_WARN_EXPORT_LDIF_SET_PERMISSION_FAILED_300=An error occurred while \
 setting file permissions for the LDIF file %s: %s

 opends/src/server/org/opends/server/types/LDIFExportConfig.java

@@ -22,12 +22,12 @@
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2008 Sun Microsystems, Inc.
 *      Copyright 2006-2009 Sun Microsystems, Inc.
 */
package org.opends.server.types;
import org.opends.messages.Message;


import static org.opends.messages.UtilityMessages.*;
import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.server.util.StaticUtils.*;

import java.io.BufferedWriter;
import java.io.File;
@@ -41,9 +41,8 @@
import java.util.Set;
import java.util.zip.GZIPOutputStream;

import static org.opends.server.loggers.debug.DebugLogger.*;
import org.opends.messages.Message;
import org.opends.server.loggers.debug.DebugTracer;
import static org.opends.messages.UtilityMessages.*;



@@ -225,26 +224,65 @@
    {
      if (ldifOutputStream == null)
      {
        File f = new File(ldifFile);
        boolean mustSetPermissions = false;

        switch (existingFileBehavior)
        {
          case APPEND:
            ldifOutputStream = new FileOutputStream(ldifFile, true);
            break;
          case OVERWRITE:
            ldifOutputStream = new FileOutputStream(ldifFile, false);
            break;
          case FAIL:
            File f = new File(ldifFile);
            if (f.exists())
            {
              Message message = ERR_LDIF_FILE_EXISTS.get(ldifFile);
              throw new IOException(message.toString());
            }
            else
            {
              ldifOutputStream = new FileOutputStream(ldifFile);
            }
            break;
        case APPEND:
          // Create new file if it doesn't exist ensuring that we can
          // set its permissions.
          if (!f.exists())
          {
            f.createNewFile();
            mustSetPermissions = true;
          }
          ldifOutputStream = new FileOutputStream(ldifFile, true);
          break;
        case OVERWRITE:
          // Create new file if it doesn't exist ensuring that we can
          // set its permissions.
          if (!f.exists())
          {
            f.createNewFile();
            mustSetPermissions = true;
          }
          ldifOutputStream = new FileOutputStream(ldifFile, false);
          break;
        case FAIL:
          if (f.exists())
          {
            Message message = ERR_LDIF_FILE_EXISTS.get(ldifFile);
            throw new IOException(message.toString());
          }
          else
          {
            // Create new file ensuring that we can set its
            // permissions.
            f.createNewFile();
            mustSetPermissions = true;
            ldifOutputStream = new FileOutputStream(ldifFile);
          }
          break;
        }

        if (mustSetPermissions)
        {
          try
          {
            // Ignore
            FilePermission.setPermissions(f,
                new FilePermission(0600));
          }
          catch (Exception e)
          {
            // The file could not be created with the correct
            // permissions.
            Message message =
              WARN_EXPORT_LDIF_SET_PERMISSION_FAILED.get(f.toString(),
                    stackTraceToSingleLineString(e));
            throw new IOException(message.toString());
          }
        }
      }