| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2173641 | 5.0-pool | Dmitriy Samersoff | P4 | Closed | Won't Fix |
Runtime.exec do not properly respect Unix ACLs
If you have to run a script with two users ('user01', 'user02') of two different groups ('grp01' and 'other') you can on solaris add execute permissions for user only, and not for the whole group (we get -rwxr--r--+ if we use 'setfacl -m user:user02:r-x test.sh' )
% id
uid=2236(user01) gid=333(grp01)
$ id
uid=2311(user02) gid=1(other)
% setfacl -m user:user02:r-x test.sh
% setfacl -m group::r-- test.sh
% getfacl test.sh
# file: test.sh
# owner: user01
# group: grp01
user::rwx
user:user02:r-x #effective:r-x
group::r-- #effective:r--
mask:r-x
other:r--
The owner of the script, but also user02 can run test.sh script from shell
But using a simple java class with Runtime.exec(), only java 6 can run the script (on solaris 9 and 10). It is needed a backport to java 5 and 1.4.2
The problem can be reproduced with testcase below (ExecCommand), but also with other testcases (e.g: TestRoot included in bug 4052517)
% /usr/jdk/j2sdk1.4.2_19/bin/java ExecCommand ./test.sh
java.io.IOException: ./test.sh: cannot execute
% /usr/jdk/jdk1.5.0_17/bin/java ExecCommand ./test.sh
java.io.IOException: ./test.sh: cannot execute
% /usr/jdk/jdk1.6.0_12/bin/java ExecCommand ./test.sh
Thu Feb 19 16:10:34 CET 2009
% more ExecCommand.java
import java.io.*;
public class ExecCommand {
public static void main( String argv[] ) {
if( argv == null || argv.length == 0 ) {
System.err.println("Usage:java ExecTest command [args...]");
System.exit(0);
}
try {
Runtime runtime = Runtime.getRuntime();
Process process = runtime.exec( argv );
BufferedReader br = new BufferedReader(
new InputStreamReader(
process.getInputStream() ) );
String line;
while( (line = br.readLine()) != null )
System.out.println( line );
}
catch( Exception e ){
System.err.println( e );
}
}
}
% more test.sh
#!/bin/sh
date
If you have to run a script with two users ('user01', 'user02') of two different groups ('grp01' and 'other') you can on solaris add execute permissions for user only, and not for the whole group (we get -rwxr--r--+ if we use 'setfacl -m user:user02:r-x test.sh' )
% id
uid=2236(user01) gid=333(grp01)
$ id
uid=2311(user02) gid=1(other)
% setfacl -m user:user02:r-x test.sh
% setfacl -m group::r-- test.sh
% getfacl test.sh
# file: test.sh
# owner: user01
# group: grp01
user::rwx
user:user02:r-x #effective:r-x
group::r-- #effective:r--
mask:r-x
other:r--
The owner of the script, but also user02 can run test.sh script from shell
But using a simple java class with Runtime.exec(), only java 6 can run the script (on solaris 9 and 10). It is needed a backport to java 5 and 1.4.2
The problem can be reproduced with testcase below (ExecCommand), but also with other testcases (e.g: TestRoot included in bug 4052517)
% /usr/jdk/j2sdk1.4.2_19/bin/java ExecCommand ./test.sh
java.io.IOException: ./test.sh: cannot execute
% /usr/jdk/jdk1.5.0_17/bin/java ExecCommand ./test.sh
java.io.IOException: ./test.sh: cannot execute
% /usr/jdk/jdk1.6.0_12/bin/java ExecCommand ./test.sh
Thu Feb 19 16:10:34 CET 2009
% more ExecCommand.java
import java.io.*;
public class ExecCommand {
public static void main( String argv[] ) {
if( argv == null || argv.length == 0 ) {
System.err.println("Usage:java ExecTest command [args...]");
System.exit(0);
}
try {
Runtime runtime = Runtime.getRuntime();
Process process = runtime.exec( argv );
BufferedReader br = new BufferedReader(
new InputStreamReader(
process.getInputStream() ) );
String line;
while( (line = br.readLine()) != null )
System.out.println( line );
}
catch( Exception e ){
System.err.println( e );
}
}
}
% more test.sh
#!/bin/sh
date
- backported by
-
JDK-2173641 (process) Runtime.exec do not properly respect Solaris ACLs
-
- Closed
-