From da7c2116996d26d22b3eca9f20cb497791dbb857 Mon Sep 17 00:00:00 2001
From: boli <boli@localhost>
Date: Fri, 15 Sep 2006 16:54:57 +0000
Subject: [PATCH] This uses the new FilePermission framework to set permissions on the directory holding the database files. The new config attribute ds-cfg-backend-mode is optional and by default has a value of 700. The permissions are set on backend initialization as well as on the fly via LDAP. The server will make sure the file permissions allow owner access before setting them. Any exceptions encountered while setting the attribute will result in non-fatal errors, which are logged. However, any configuration exceptions will keep the backend from starting.
---
opends/src/server/org/opends/server/backends/jeb/BackendImpl.java | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 50 insertions(+), 0 deletions(-)
diff --git a/opends/src/server/org/opends/server/backends/jeb/BackendImpl.java b/opends/src/server/org/opends/server/backends/jeb/BackendImpl.java
index 43535be..a0b575e 100644
--- a/opends/src/server/org/opends/server/backends/jeb/BackendImpl.java
+++ b/opends/src/server/org/opends/server/backends/jeb/BackendImpl.java
@@ -79,6 +79,7 @@
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.types.RestoreConfig;
import org.opends.server.types.ResultCode;
+import org.opends.server.types.FilePermission;
import org.opends.server.monitors.DatabaseEnvironmentMonitor;
import org.opends.server.util.LDIFException;
import org.opends.server.loggers.Debug;
@@ -121,6 +122,12 @@
private File backendDirectory;
/**
+ * The permissions mode for the directory containing persistent storage for
+ * the backend.
+ */
+ private FilePermission backendPermission;
+
+ /**
* The base DNs contained in this backend.
*/
private ConcurrentHashMap<DN, EntryContainer> baseDNs;
@@ -374,6 +381,24 @@
message);
}
+ // Get the backend database directory permissions and apply
+ try
+ {
+ backendPermission = config.getBackendPermission();
+ if(!FilePermission.setPermissions(backendDirectory, backendPermission))
+ {
+ throw new Exception();
+ }
+ }
+ catch(Exception e)
+ {
+ // Log an warning that the permissions were not set.
+ int msgID = MSGID_JEB_SET_PERMISSIONS_FAILED;
+ String message = getMessage(msgID, backendDirectory.getPath());
+ logError(ErrorLogCategory.BACKEND, ErrorLogSeverity.SEVERE_WARNING,
+ message, msgID);
+ }
+
// FIXME: Currently assuming every base DN is also a suffix.
for (DN dn : baseDNs)
{
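Review bot: The catch block at the end of the added try discards `e`, and the `throw new Exception()` used when `FilePermission.setPermissions` returns false carries no detail, so the SEVERE_WARNING names only the directory and not the requested mode or the reason the change failed. Because the backend keeps running with whatever permissions the database directory already had, the record should let an operator see that the directory may be more widely accessible than configured. I would add the requested mode and the exception text to the message, plus a comment such as `// Non-fatal by design: the backend continues with the directory's existing permissions.` The same try also wraps `config.getBackendPermission()`, so if that call can throw (not visible here) a configuration problem would be downgraded to a warning, which seems at odds with the commit description. The same pattern is repeated in the hunk at -1577; the enclosing method starts and ends outside both hunks.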
@@ -1577,6 +1602,31 @@
}
}
+ // Check for changes to the database directory permissions
+ FilePermission oldPermission = config.getBackendPermission();
+ FilePermission newPermission = newConfig.getBackendPermission();
+
+ if(!FilePermission.toUNIXMode(oldPermission).equals(
+ FilePermission.toUNIXMode(newPermission)))
+ {
+ try
+ {
+ if(!FilePermission.setPermissions(newConfig.getBackendDirectory(),
+ newPermission))
+ {
+ throw new Exception();
+ }
+ }
+ catch(Exception e)
+ {
+ // Log an warning that the permissions were not set.
+ int msgID = MSGID_JEB_SET_PERMISSIONS_FAILED;
+ String message = getMessage(msgID, backendDirectory.getPath());
+ logError(ErrorLogCategory.BACKEND, ErrorLogSeverity.SEVERE_WARNING,
+ message, msgID);
+ }
+ }
+
// Check if any JE non-mutable properties were changed.
EnvironmentConfig oldEnvConfig = config.getEnvironmentConfig();
EnvironmentConfig newEnvConfig = newConfig.getEnvironmentConfig();
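Review bot: The failure message in the second added catch is built from `backendDirectory.getPath()` while the permissions are applied to `newConfig.getBackendDirectory()`, so if the two differ the log names a directory other than the one that was touched; use `String message = getMessage(msgID, newConfig.getBackendDirectory().getPath());`. The visible lines also never assign the new value to the `backendPermission` field, so unless that happens later in the method (outside this hunk) the field keeps the mode from initialization. The enclosing method starts and ends outside the hunk.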
--
Gitblit v1.10.0