File permissions for a given user

C

Chris

How can I check whether a given user has certain permissions on a certain
file (say, read access)? The user may not be the same one that started the
JVM.
 
E

enrique

Can you clarify more on how this Java app gets started, and how other
people (none of whom started the app) interact with it?
 
C

Chris

Can you clarify more on how this Java app gets started, and how other
people (none of whom started the app) interact with it?
Click to expand...

It's a webapp, running in a J2EE server. Users log in. The app decides
whether they can see certain files or not. It has to check with the
operating system to see if they have read access to the files before it
gives them up.
 
B

Betty

Chris said:
It's a webapp, running in a J2EE server. Users log in. The app decides
whether they can see certain files or not. It has to check with the
operating system to see if they have read access to the files before it
gives them up.
Click to expand...
Why don't you just let them try to access the files and if they
are not worthy there will be an error you can handle gracefully.
 
C

Chris

Can you clarify more on how this Java app gets started, and how other
Why don't you just let them try to access the files and if they
are not worthy there will be an error you can handle gracefully.
Click to expand...

This would work, except we're not allowed to show them that the files exist
at all. A user should not get a directory listing for a directory they don't
have rights to.
 
T

Thomas Weidenfeller

Chris said:
This would work, except we're not allowed to show them that the files exist
at all. A user should not get a directory listing for a directory they don't
have rights to.
Click to expand...

Such a layer of protection should be handled by the operating system,
not the application. It is trivial to circumvent such application-level
filtering - by using another application, e.g. a simple file browser.
Security by obscurity is not a good idea.

/Thomas
 
E

enrique

I would just give each user their own shell account. Skip the web
thing. If these files aren't even web pages, why go through the
trouble of presenting them from a web application?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Java Web Start Permissions 19
Hi, I am a webflow user. I am looking for CSS code that can KEEP ALL ELEMENTS POSITIONED in the SAME spot across all resolutions 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Add a text file that a user specified the name of in a program to a directory 0
I have to finish this code for my assignment but I cant figure out how to solve it 1
Permissions 0
Database schema for file organizer. 1
Add the value taken from the user to my range for ActiveX ComboBox 0

Members online

Total: 43 (members: 1, guests: 42)
Robots: 206

Forum statistics

Threads
473,764
Messages
2,569,564
Members
45,041
Latest member
RomeoFarnh

Latest Threads

Top