I'm working on a client that gets a credential from a server and stores it in a file. I'd like to a) make the file readable only by the owner and b) check before subsequent use that the file is readable only by the owner.
This is trivial on Linux. My problem is with Windows.
Should I delete all the ACEs other than the owner's that grant read permission? Or just delete all ACEs other than the owner's?
Or is it sufficient to add "deny" ACEs for the group and "Everyone"?
Or some third way?
I'm aware that a file can have inherited access rights but I'm not sure how to detect that and deauthorize everyone but the owner.
If it's relevant, the application that creates the file is in Java and the application that uses the file is in C++.
Related
Locker Apps is a Folder Lock application, how can I lock files or folders on Windows using Java?
Here is what I tried:
File file = new File(file path);
file.setExecutable(false);
file.setWritable(false);
file.setReadable(false);
But only file.setwritable(false); works - I can't rewrite the file. Other methods do nothing to the file.
These methods are simply setting the file system access permissions for the file. In order to understand them, you need to understand the OS / file system access control rules.
For example, on Linux file.setWriteable(false) is equivalent to running chmod u-w file to clear the "owner write" access bit:
Note:
chmod can only change any permissions on the file if you are the owner of the file, or if you are running as root.
The owner write permission means that owner (or root) can execute the file, or not. If you are neither, then that permission does not affect you.
So there are at least two possible reasons why setWriteable may not be "working".
You are not executing your Java program as the file owner or root. In that case, setWriteable will return false. But note that you don't check the result!
You are not trying to write the file as the file's owner. In that case, the access but you just removed (in Java) does not affect you.
Solutions:
There is a newer / better API for setting file permissions in Java in the java.nio.file.Files class:
public static Path setPosixFilePermissions(
Path path,
Set<PosixFilePermission> perms)
throws IOException
This allows you to set / clear all avail POSIX file permissions in one call, and it with throw an exception if it can't for any reason.
Many file systems also support more sophisticated ACL mechanisms ....
HOWEVER
None of this is equivalent to the functionality provided by a File Locker app. Why? Because any attempt to block file access via file permissions or ACLs can trivially be reversed by someone with root access. Provided you know what it is doing at a technical level.
What the Windows "Folder Lock" app can apparently encrypt files or hide them. Files can be marked as hidden natively in Java 7 and later by setting the "dos:hidden" attribute; see https://stackoverflow.com/a/42816082/139985. It is probably also using permissions and ACLs to restrict access, that can be doing on Java too. It may also be doing other things. The documentation says (unhelpfully!):
Once the files are locked, it becomes protected in every possible way and can only be accessed through the Folder Lock security application.
That sounds like marketing rather than truth, and is almost certainly untrue. However figuring out what the app is actually doing, would require me to get a Windows machine, download and install the software, and then violate the license by attempting to reverse engineer it.
But note that the above method for "hiding" is Windows specific. On Linux / Mac OS you "hide" a file from some commands by making the first character of the file name a dot (".") character.
I've used Commons IO to write a program that copy files and other things. But I want to copy a file to a local ip address \\10.x.x.x, but the user doesn't have rights to do the copy, so I need to put an ID and password to access it. However I cannot find a way I can do that.
To move file I use :
FileUtils.moveFileToDirectory(fichier, destDir,true);
But my directory is something like \\10.x.x.x\files and only a few users can write in that directory so I have an ID & password that let you move files there. I want that even if the users don't have rights to move files to that directory my program can do it.
It is not really the way Windows security works. If you really want to do it that way, you will have to use Java Native Interface or Java Native Access, and manage to call the WNetAddConnection function from Mpr.dll (and do not forget to call WNetCancelConnection when done).
But you would have to store a password in your program, which is poor security practice.
The standard way to do that would be to start a service that would run under a user that has access to the desired directory, and have your program to communicate with it using whatever you want, the simplest way being probably TCP/IP. But unless you have special requirement for that I would not recommend to use Jave for those kinds of program.
A more Java alternative would be to start a Tomcat service on server machine running under a user having access to the directory. That way you just have to develop a standard Java Web Application able to upload files that would save the files to the proper directory. But it would be a traditionnal and portable Java application with no need for JNI nor JNA.
If cannot use a Tomcat and do not want to invest to much on it, you could split the program in pieces :
one client program that copies files on a directory (on server machine) with File creation rights for everybody - can decays to the copy utility if nothing more has to be done or can easily written in Java
one server program that will run on server machine under a user that has full write permissions on target directory. This one can also be easily written in Java
you can easily install the server program as a service on the server machine with sc and srvany according to this answer on ServerFault
If you use a client program, you could easily add a digital signature file with each copied file, but as I said above, it is poor security practice and add little if any security. At least the program should be executable and not readable, and the sources should be kept hidden. It is better to log the users that copied the file and ask them what happened is you find a problem.
I know there is getPermissions() method but I don't know how to use it. How can I check using JSch, if user can read files?
First, you should generally ask a functional question (what do you want to achive), to get an useful answer. You ask for an implementation/technical detail, hence my possibly useless technical answer:
SftpATTRS.getPermissions() returns numerical representation of *nix permissions:
https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation
It's on its own NOT enough to determine, if the current user has permissions to read the file. In addition you have to know: who is the owner of the file (the getUId returns owner ID, but there's no API in SFTP to map that to/from username) and what is a group of the file (the getGId, the same).
So you can only be sure that user can read the file, when everyone have permissions to do so. What you can tell by presence of flag 0004 (read permissions for other class). But lack of the flag does not mean user cannot read the file, e.g. in case user is an owner of the file and there's flag 0400 (read permissions for owner class).
Also note that, when the remote system is not *nix (e.g. it's Windows), the getPermissions() value is usually irrelevant anyway.
Non-trivial, but only reliable way, is to dig into JSch source code and extract new API to open file for reading. Then you can just try to open the file (you do not have to read anything actually) to tell, if user has permissions to do so.
In general, there is no point trying to detect, if you have permissions for an operation. Try the operation and see if it succeeds or not.
I have one question about Android. I need to run one of my activities only once - at the beggining. So, usually the best solution is to create file which contains flag isFirstRun and check the value after application's start.
But in my application it is very important to protect this file before deleting by user. Even if user has rooted phone he should not be able to change the value or delete this file.
So, is it possible to write this information to any Android system registry or somewhere else where user can't change this value?
No, it is not possible, for a simple reason, a root user have access to everything by definition. It won't make sense to have a program that has more rights than root.
The user can delete all the data your application saves. Consider saving this information on some server.
I'm coding a little library which will handle xml files to store some data, and I need this data to be handled only by the methods I provide in my library.
I know that xml is readable for both human and machine, and that if somebody really wants to modify the xml file he'll probably do it, so... do any of you have an idea that could work?
You can store more information in it, such as a hash of the content (before the hash was inserted of course).
When you will reload this file, you can check the hash. If it doesn't match with the current hash of your file, well it has been modified.
Well, there is no definitive way to block access to that file. But you can use several measures to make it hard on manual overriding of the file.
First thing you can do is lock the file (need to ensure OS compatibility) for as long as your application is running. Anyone can circumvent an OS file lock, but it is not trivial for an average user.
Second, you can consider encrypting the file on application termination. Restoring the key can be done from application code inspection, but again - a non-trivial effort.
As you said above, you have already implented a method that detects file changes, and you want a way how to prevent these modifications.
Usally, that's not possible. I'll explain at the end.
You have a few choices what to do:
If you want to prevent modifications while the program is running, you can lock the file. This will prevent applications from accessing it, but when your program exits, the lock will be released. (Example)
If you want to prevent access while the program is not running, you'll have to change file system permissions to forbid the user to edit the file. This is way more difficult as it is filesystem-related, and some filesystems like FAT haven't got file permissions at all.
You could write a "daemon" script that watches for file changes and revert them.
But all these possibilities have one problem - a program usally has the same permissions as the user, so everything the program does can be undone by the user. If your program has access, the user has too.
If you lock a file, the user could use a tool like Unlocker to release the lock, and edit it anyway. If your program sets file permissions, the user can simply change them back. On some systems, it might be possible to prevent this, but then your program looses access too. Bad. If you write a daemon, the user can kill it.
The only possibility is to have the program running with more rights than the user, and store the data on a place where the user has no access too. As example, on Windows, you can run it as a service. This requries the user to not have Administrator rights (or root, on Unix systems).
If the user is admin or root, you've lost, as he has full access to the system and you can't hide. (on Windows, there is one more level, the SYSTEM user, but an admin user can easily get these rights too).
Append a hash of the file concatenated with a secret key to the end of the file. Like an XML comment
<!-- 0123456789abcdefabcdef0123456789 -->
Upon opening the file you hash it again with the appended secret key and verify it.
Some psuedo code to clarify.
# Read
secret = "Secret key"
file = get_file_contents("file.xml")
content = strip_trailing_comment(file)
hash = get_content_hash(file)
if sha1(content + secret) == hash:
# File is valid
# Write
secret = "Secret key"
content = content_to_xml()
hash = sha1(content + secret)
content_with_hash = append_comment(hash)
write_to_file("file.xml", content_with_hash)
Hope that clears up potential misunderstandings. This way the code is still human readable, if you want that, and hard to tamper with.
As I understand from discussions and your question, you want to store the data as xml, and difficult for user to open/modify it.
In that case you will have to do some additional work:
Create the xml file with hash information as suggested by Colin HEBERT
Zip the file with password protection, the password to which only your app will know
There is a question on stackoverflow on how to password protect your zip file
In this approach, mind you, the xml file does not even become readable.
If you want your files to be readable, then you could probably use a seperate user id for your application (unix user id or windows userid) as owner of the files. and only allow that user to modify the files, but still this won't be a 100% solution.