Issue #5451 - Private Work Dir

jetty-http/src/main/java/org/eclipse/jetty/http/MultiPartFormInputStream.java

@@ -42,7 +42,6 @@
 
 import org.eclipse.jetty.util.BufferUtil;
 import org.eclipse.jetty.util.ByteArrayOutputStream2;
-import org.eclipse.jetty.util.IO;
 import org.eclipse.jetty.util.LazyList;
 import org.eclipse.jetty.util.MultiException;
 import org.eclipse.jetty.util.MultiMap;
@@ -152,8 +151,8 @@ protected void write(byte[] bytes, int offset, int length) throws IOException
 
         protected void createFile() throws IOException
         {
-            Path parent = MultiPartFormInputStream.this._tmpDir.toPath();
-            Path tempFile = Files.createTempFile(parent, "MultiPart", "", IO.getUserOnlyFileAttribute(parent));
+            // Create temp file in Context tempDir (which is user private already)
+            Path tempFile = Files.createTempFile(MultiPartFormInputStream.this._tmpDir.toPath(), "MultiPart", "");
             _file = tempFile.toFile();
 
             OutputStream fos = Files.newOutputStream(tempFile, StandardOpenOption.WRITE);

jetty-server/src/main/java/org/eclipse/jetty/server/Server.java

@@ -80,6 +80,8 @@ public class Server extends HandlerWrapper implements Attributes
     private final ThreadPool _threadPool;
     private final List<Connector> _connectors = new CopyOnWriteArrayList<>();
     private SessionIdManager _sessionIdManager;
+    private String _tmpDirPosixPerms = "rwx------";
+    private boolean _workDirPersistent = true;
     private boolean _stopAtShutdown;
     private boolean _dumpAfterStart = false;
     private boolean _dumpBeforeStop = false;
@@ -210,6 +212,16 @@ public void setStopAtShutdown(boolean stop)
         _stopAtShutdown = stop;
     }
 
+    public String getTempDirectoryPosixPermissions()
+    {
+        return _tmpDirPosixPerms;
+    }
+
+    public boolean isWorkDirectoryPersistent()
+    {
+        return _workDirPersistent;
+    }
+
     /**
      * @return Returns the connectors.
      */
@@ -583,6 +595,22 @@ public void setSessionIdManager(SessionIdManager sessionIdManager)
         _sessionIdManager = sessionIdManager;
     }
 
+    /**
+     * Set the POSIX permission string used for the Temp Directory creation for all webapps deployed on the server.
+     *
+     * @param perms the string for temp directory permissions
+     * @see java.nio.file.attribute.PosixFilePermissions#fromString(String)
+     */
+    public void setTempDirectoryPosixPermissions(String perms)
+    {
+        _tmpDirPosixPerms = perms;
+    }
+
+    public void setWorkDirectoryPersistent(boolean flag)
+    {
+        _workDirPersistent = flag;
+    }
+
     /*
      * @see org.eclipse.util.AttributesMap#clearAttributes()
      */

jetty-util/src/main/java/org/eclipse/jetty/util/IO.java

@@ -34,16 +34,8 @@
 import java.nio.ByteBuffer;
 import java.nio.channels.GatheringByteChannel;
 import java.nio.charset.Charset;
-import java.nio.file.FileStore;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.attribute.DosFileAttributeView;
-import java.nio.file.attribute.FileAttribute;
-import java.nio.file.attribute.PosixFileAttributeView;
-import java.nio.file.attribute.PosixFilePermission;
-import java.nio.file.attribute.PosixFilePermissions;
-import java.util.HashSet;
-import java.util.Objects;
 
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
@@ -57,24 +49,6 @@ public class IO
 {
     private static final Logger LOG = Log.getLogger(IO.class);
 
-    private static final FileAttribute<?>[] NO_FILE_ATTRIBUTES = new FileAttribute[0];
-    private static final FileAttribute<?>[] USER_ONLY_POSIX_FILE_ATTRIBUTES =
-        new FileAttribute[]{
-            PosixFilePermissions.asFileAttribute(
-                new HashSet<PosixFilePermission>()
-                {
-                    {
-                        add(PosixFilePermission.OWNER_EXECUTE);
-                        add(PosixFilePermission.OWNER_READ);
-                        add(PosixFilePermission.OWNER_WRITE);
-                        // we don't add GROUP or OTHER write perms here.
-                        add(PosixFilePermission.GROUP_READ);
-                        add(PosixFilePermission.OTHERS_READ);
-                    }
-                }
-            )
-        };
-
     public static final String
         CRLF = "\r\n";
 
@@ -462,58 +436,6 @@ public static void close(Writer writer)
         close((Closeable)writer);
     }
 
-    /**
-     * Get the array of {@link FileAttribute} values for the provided path
-     * that will set the path to Full Read/Write for the user running Jetty,
-     * but Readonly for other users.
-     * <p>
-     * For Unix, that's means {@link java.nio.file.attribute.PosixFileAttributes}
-     * where the World and Other groups have their read / write flags removed.
-     * </p>
-     * <p>
-     * For Windows / Dos, that means {@link java.nio.file.attribute.DosFileAttributes}
-     * </p>
-     */
-    public static FileAttribute<?>[] getUserOnlyFileAttribute(Path path)
-    {
-        FileStore fileStore = null;
-        try
-        {
-            // Obtain a reference to the FileStore to know what kind of read-only we are capable of.
-            fileStore = Files.getFileStore(Objects.requireNonNull(path));
-
-            if (fileStore == null)
-            {
-                // Not on a properly implemented FileStore (seen with 3rd party FileStore implementations)
-                // We cannot do anything in this case, so just return.
-                return NO_FILE_ATTRIBUTES;
-            }
-
-            if (fileStore.supportsFileAttributeView(DosFileAttributeView.class))
-            {
-                // We are on a Windows / DOS filesystem.
-                // It might support ACL, but we don't attempt to support that here.
-                return NO_FILE_ATTRIBUTES;
-            }
-
-            if (fileStore.supportsFileAttributeView(PosixFileAttributeView.class))
-            {
-                // We are on a Unix / Linux / OSX system
-                return USER_ONLY_POSIX_FILE_ATTRIBUTES;
-            }
-
-            // If we reached this point, we have a Path on a FileSystem / FileStore that we cannot control.
-            // So skip the attempt to set readable.
-        }
-        catch (IOException e)
-        {
-            if (LOG.isDebugEnabled())
-                LOG.debug("Unable to determine attribute types on path: {}", path, e);
-        }
-
-        return NO_FILE_ATTRIBUTES;
-    }
-
     public static byte[] readBytes(InputStream in)
         throws IOException
     {

jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java

@@ -190,8 +190,8 @@ protected void write(byte[] bytes, int offset, int length)
         protected void createFile()
             throws IOException
         {
-            Path parent = MultiPartInputStreamParser.this._tmpDir.toPath();
-            Path tempFile = Files.createTempFile(parent, "MultiPart", "", IO.getUserOnlyFileAttribute(parent));
+            // Create temp file in Context tempDir (which is user private already)
+            Path tempFile = Files.createTempFile(MultiPartInputStreamParser.this._tmpDir.toPath(), "MultiPart", "");
             _file = tempFile.toFile();
 
             OutputStream fos = Files.newOutputStream(tempFile, StandardOpenOption.WRITE);

jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java

@@ -60,6 +60,7 @@
 import org.eclipse.jetty.util.AttributesMap;
 import org.eclipse.jetty.util.Loader;
 import org.eclipse.jetty.util.MultiException;
+import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.URIUtil;
 import org.eclipse.jetty.util.annotation.ManagedAttribute;
 import org.eclipse.jetty.util.annotation.ManagedObject;
@@ -177,6 +178,7 @@ public class WebAppContext extends ServletContextHandler implements WebAppClassL
 
     private File _tmpDir;
     private boolean _persistTmpDir = false;
+    private String _tmpDirPosixPerms;
 
     private String _war;
     private String _extraClasspath;
@@ -517,6 +519,11 @@ protected void doStart() throws Exception
     {
         try
         {
+            if (StringUtil.isBlank(_tmpDirPosixPerms))
+            {
+                _tmpDirPosixPerms = getServer().getTempDirectoryPosixPermissions();
+            }
+
             _metadata.setAllowDuplicateFragmentNames(isAllowDuplicateFragmentNames());
             Boolean validate = (Boolean)getAttribute(MetaData.VALIDATE_XML);
             _metadata.setValidateXml((validate != null && validate));
@@ -1298,12 +1305,29 @@ public void setTempDirectory(File dir)
         setAttribute(TEMPDIR, _tmpDir);
     }
 
+    /**
+     * Set the POSIX permission string used for the Temp Directory for this specific webapp.
+     *
+     * @param perms the string for temp directory permissions
+     * @see java.nio.file.attribute.PosixFilePermissions#fromString(String)
+     */
+    public void setTempDirectoryPosixPermissions(String perms)
+    {
+        this._tmpDirPosixPerms = perms;
+    }
+
     @ManagedAttribute(value = "temporary directory location", readonly = true)
     public File getTempDirectory()
     {
         return _tmpDir;
     }
 
+    @ManagedAttribute(value = "temporary directory perms", readonly = true)
+    public String getTempDirectoryPosixPermissions()
+    {
+        return _tmpDirPosixPerms;
+    }
+
     /**
      * If true the temp directory for this
      * webapp will be kept when the webapp stops. Otherwise,

jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java

@@ -24,8 +24,12 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLClassLoader;
+import java.nio.file.FileStore;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -456,7 +460,10 @@ public void resolveTempDirectory(WebAppContext context)
             File work = new File(jettyBase, "work");
             if (work.exists() && work.isDirectory() && work.canWrite())
             {
-                context.setPersistTempDirectory(true);
+                if (context.getServer().isWorkDirectoryPersistent())
+                {
+                    context.setPersistTempDirectory(true);
+                }
                 makeTempDirectory(work, context);
                 return;
             }
@@ -507,8 +514,18 @@ public void makeTempDirectory(File parent, WebAppContext context)
         }
         else
         {
-            //ensure file will always be unique by appending random digits
-            tmpDir = Files.createTempDirectory(parent.toPath(), temp).toFile();
+            Path parentPath = parent.toPath();
+            FileStore fileStore = Files.getFileStore(parentPath);
+            if (fileStore.supportsFileAttributeView(PosixFileAttributeView.class))
+            {
+                String workDirPerms = context.getTempDirectoryPosixPermissions();
+                Set<PosixFilePermission> permSet = PosixFilePermissions.fromString(workDirPerms);
+                tmpDir = Files.createTempDirectory(parentPath, temp, PosixFilePermissions.asFileAttribute(permSet)).toFile();
+            }
+            else
+            {
+                tmpDir = Files.createTempDirectory(parentPath, temp).toFile();
+            }
         }
         configureTempDirectory(tmpDir, context);