Getting An "Access Denied" Error While Editing "Hosts" File Through Java Program.
Program needs an ADMINISTRATIVE PRIVILEGE To Edit The Hosts File.
So Is there any Solution To provide That Administrative privilege to java program so that It can edit Hosts File.
** Note **
I am Using Window 8.1 OS.
Hosts File Location is:
C:\Windows\System32\Drivers\etc\Hosts
Have a look at the AccessController API: Java Access Controller
one thing is for sure though, when the user runs the Java program, the user must right-click and select 'Run As Administrator'.
Another option is that you could read in the file, make your changes in memory, (file could be read in as a string), and then write out the file to replace the HOSTS file. Which again, you definitely need Administrator privileges.
Quick Google search also showed source code for a package that let's you edit hosts file, you might want to take a look at that. It still definitely needs the administrator permissions though. Link here
Have a look at this previous SO question, it might give you a few ideas.
The main issue with writing this kind of programs is the permissions. The Hosts file is a critical part of every operating system, and it's only logically to have layers of security around it to prevent any random program from changing the hosts file, hence all these extra hurdles.
Related
I am trying to programatically purge log files from a running(!) system consisting of several Java and non-Java servers. I used Java's File.delete() operation and it usually works fine. I am also perfectly fine with log files that are currently in use not being deleted, so I just log it as a warning whenever File.delete() returns false.
However, in log files which are currently still being written to by NON-Java applications (Postgres, Apache HTTPD etc., Java applications might also be affected, but I didn't notice yet, and all are using the same logging framework anyway, which seems to be OK) are not actually deleted (which is what I expected), however, File.delete() returns "true" for them.
But not only do these files still exist on the file system (Windows explorer and "dir" still show them), but afterwards they are inaccessible... when I try to open them with a text editor etc. I get "access denied" or similar error messages, when I try to copy them with explorer, it also claims that I do not have permissions, when I check its "properties" with explorer, it gives me "You do not have permission to view or edit this object's permissions".
Just to be clear: before I ran the File.delete() operation, I could access or delete these files without any problems, the delete operation "breaks" them. Once I stop the application, the file then disappears, and on restart, the application creates it from scratch and everything is back to normal.
The problem is that when NOT restarting the application after the log file purge operation, the application logs to nirvana.
This behavior reminds me a bit of the file deletion behavior of Linux: if you delete a file that is still held open by an application, it disappears from the file system, but the application - still holding a file handle - will happily continue writing to that file, but you will never be able to access it afterwards. The only difference being that here the files are still visible in the FS, but also not accessible otherwise.
I should mention that both my Java program and the applications themselves are running with "system" user.
I also tried Files.delete(), which allegedly throws an IOException indicating the error... but it seems there is no error.
What I tried to work around the problem is to check if the files are currently locked, using the method described here https://stackoverflow.com/a/1390669/5837050, but this only works for some of the files, not for all of them.
I basically need a reliable way (at least for Windows, if it worked also for Linux, that would be great) to determine if a file is still being used by some program, so I could just not delete it.
Any hints appreciated.
I haven't reproduced it but it seems like an OS expected behaviour, normally different applications run with different users which have ownership on this type of files but I understand that you want like a master purge Java which checks the log files not in use to delete them (running with enough grants of course).
So, considering that the OS behaviour is not going to change I would suggest to configure your logs with "roll file appender" policies and then check the files that match these policies.
Check the rollback policies for logback to make you an idea:
http://logback.qos.ch/manual/appenders.html#onRollingPolicies
For example, if your appender file policy is "more than one day or more than 1Gb" then just delete files which last edition date are older than one day or size are 1Gb. With this rule you will be sure to delete log files that are not in use.
Note that.. with a proper rolling policy maybe you even don't need your purge method, look at this configuration example:
<!-- keep 30 days' worth of history capped at 3GB total size -->
<maxHistory>30</maxHistory>
<totalSizeCap>3GB</totalSizeCap>
I hope this could help you a bit!!
Need a program written in Java to close a .txt file as it opens (so that the user can, hopefully, not see it). How would I go about closing a .txt file as soon as it opens?
The alternatives to this way is to open the file on the secondary monitor or replace the text in the file instantly so the user cannot see this.
As I understand your question you want to intercept all requests, by any program running in a computer, to open any text file, and prevent that file from being accessed.
This is categorically beyond the capabilities of anything you can do in Java, or any "user-space" environment. Anything of this type would have to be done as part of the operating system, operating in privileged mode, and working with the filesystem drivers.
This could probably be done but would be operating-system specific and likely need to be written in C++ or assembler. Also it would require specific user action to be installed and would require superuser or administrator privileges.
This is not something within reach of a developer without significant OS kernel experience.
Sounds like you are trying to write ransomware?
I've used Commons IO to write a program that copy files and other things. But I want to copy a file to a local ip address \\10.x.x.x, but the user doesn't have rights to do the copy, so I need to put an ID and password to access it. However I cannot find a way I can do that.
To move file I use :
FileUtils.moveFileToDirectory(fichier, destDir,true);
But my directory is something like \\10.x.x.x\files and only a few users can write in that directory so I have an ID & password that let you move files there. I want that even if the users don't have rights to move files to that directory my program can do it.
It is not really the way Windows security works. If you really want to do it that way, you will have to use Java Native Interface or Java Native Access, and manage to call the WNetAddConnection function from Mpr.dll (and do not forget to call WNetCancelConnection when done).
But you would have to store a password in your program, which is poor security practice.
The standard way to do that would be to start a service that would run under a user that has access to the desired directory, and have your program to communicate with it using whatever you want, the simplest way being probably TCP/IP. But unless you have special requirement for that I would not recommend to use Jave for those kinds of program.
A more Java alternative would be to start a Tomcat service on server machine running under a user having access to the directory. That way you just have to develop a standard Java Web Application able to upload files that would save the files to the proper directory. But it would be a traditionnal and portable Java application with no need for JNI nor JNA.
If cannot use a Tomcat and do not want to invest to much on it, you could split the program in pieces :
one client program that copies files on a directory (on server machine) with File creation rights for everybody - can decays to the copy utility if nothing more has to be done or can easily written in Java
one server program that will run on server machine under a user that has full write permissions on target directory. This one can also be easily written in Java
you can easily install the server program as a service on the server machine with sc and srvany according to this answer on ServerFault
If you use a client program, you could easily add a digital signature file with each copied file, but as I said above, it is poor security practice and add little if any security. At least the program should be executable and not readable, and the sources should be kept hidden. It is better to log the users that copied the file and ask them what happened is you find a problem.
I am developing a java web application that needs to pass shell scripts to putty after user authentication. putty.exe should launch only if authentication is successful and if the script has begun running successfully.
Also, since different users might have installed putty in different locations on their systems. Is there any way to launch putty.exe without requiring the user to manually configure the path. Or is it possible to programmatically find the path and launch putty?
I will start by saying not having the user add putty to the path is most easily solved by creating a configuration file for each user, where one of the parameters will be the location of the putty executable. Properly handling this with default values and a dialogue box if putty can't be opened would be simple and familiar to most users.
Two simple situations could completely mess with how you do a search for the executable: the user renames the putty executable or the user has multiple versions of putty.
To avoid getting stumped by the first situation you are going to have to ask for the new name and somehow save it in a config.
To avoid getting stumped by the second you are going to have to ask for the version of putty they want, store that version, and somehow do version checking if all you want to do is look for putty.exe (maybe you have a file of the checksum for each version).
This is just as, if not more annoying to the user (and definitely more annoying to you) than just asking them to point to the executable. There are more ways that things could go wrong, as well.
Basically, it is possible to search for the executable but it would not save anyone any trouble and would only make more for you. Having the user configure the path is not very tricky, but if you want to avoid it then the easiest thing is to have per-user configuration files with the putty path saved in it by your program.
One way is by editing the PATH system variable of the user machines and add the full path of the Putty.exe location.
Another solution is to create a link that points to Putty.exe in a default folder in every user machine, so Java could access to this link w/o problems.
A third solution could be to ship the Putty.exe with your application installer. Putty.exe doesn't need custom DLLs to work (at least I haven't needed one yet).
Theoritically it is possible if you search through every directory on user's computer to find putty.exe. But practically, you should required the file to be put in some familiar directories or use an environment variable.
I agree with people above. Also in your application you can provide ability to user set putty.exe full path and store them in cookies.
During an installation process I need to check if a userprovided path is writable to a specified user.
The Path (A UNC Path like \fileserver\share) may not be writable to the user, who is executing the Setup.exe (It's a Windows-Only Software), so I think How do you check for permissions to write to a directory or file? may not work for me.
I know in Java7 there will be a new Filesystem-API, but Java7 is not released yet.
EDIT:
User 1 - runs the installer
User 2 - runs the installed application
If user 1 get an error "Permission denied" I still don't know, about user 2. I need to check the permission for an other useraccount during the process of installation.
I may use net use /user:<user2> <passwd2> but I'm not sure, if I get all information I need. I get the information, that the path exists, but not, if User 2 is allowed to write.
before java 7, you don't have standard way to check if a user can write to a java file using standard library. this is because the old java io just is not power enough.
for example, File.canWrite() will not work if consider file owner, etc....
what you can do is check it in directly, for example, try to write a empty line to it. (this need to consider you application,if your application just don't care a blank line at end and auto delete ending blank lines , then it works..... this is just an example, you can get many tricky ways considering your applicaton.