Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.9.0, 2.8.2
-
None
Description
While testing FE-4315 on Windows, I noticed that even when generating a private key using Fisheye, the files permissions do not appear to actually change.
The code to make the file private is this, in FileSystemUtils:
if (SystemUtils.IS_OS_WINDOWS) {
String username = System.getenv("USERNAME");
String userdomain = System.getenv("USERDOMAIN");
String currentUser = "\"" + userdomain + "\\" + username + "\"";
PluggableProcessHandler handler = new PluggableProcessHandler();
handler.setOutputHandler(new StringOutputHandler());
handler.setErrorHandler(new StringOutputHandler());
ExternalProcessBuilder builder = new ExternalProcessBuilder()
.command(Arrays.asList(
"echo", "'Y'", "|",
"cacls", "\"" + file.getAbsolutePath() + "\"", "/G", currentUser + ":W"))
.handler(handler);
ExternalProcess process = builder.build();
process.execute();
if (!handler.succeeded()) {
IOException ioException = new IOException(handler.getError() + " - command was: " + process.getCommandLine());
ProcessException exception = handler.getException();
if (exception != null) {
ioException.initCause(exception);
}
throw ioException;
}
}
The 'cacls' command prompts the user if they are sure they want to make the requested change. This code attempts to answer this prompt by echoing a 'Y' into the cacls command.
In my testing this didn't actually work - the files permissions weren't affected when echoing y on the command line. The command worked only when no echo was supplied, and the Y key was pressed manually.
Questions
- did this code ever work? I have tested this only on Windows 7
- Why are we shelling out to 'cacls' to set permissions? There are ways to do it in native java (although it looks like this might not have been possible natively before java 6, so this is very likely the reason)
In practise, Fisheye is able to connect to the repository even though the permissions on the SSH key do not strictly limit it to the current user. On OSX and Linux, SSH enforces that the key must have the correct file permissions, but the MSYS SSH client used on windows doesn't appear to perform this check.
