db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5442) Create documentation for restrictive file permissions feature
Date Wed, 11 Apr 2012 22:05:16 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13251976#comment-13251976

Dag H. Wanvik commented on DERBY-5442:

Maybe something like this can help?

"Controlling database file access

When Java creates new files, the visibility (access) of the new file
is normally by JVM's environment and the file's location only,
cf. umask on Unix/Linux and defualt file permissions on Windows NTFS.

On Java 7 and newer, Derby may (further) restrict the file permissions
to the OS account that started the Java process, which is the minimum
needed for operation. This means that other operating system accounts
will have no access to directories or files created by Derby. This can
be helpful in enhancing default security for database files.

The exact behavior is determined by two factors: how the Derby engine
is started, and the the presence of (or not) and given value of the Java property

The following matrix shows which approach is used:


For more information, see "derby.storage.useDefaultFilePermissions" in
the Derby Reference Manual.
> Create documentation for restrictive file permissions feature
> -------------------------------------------------------------
>                 Key: DERBY-5442
>                 URL: https://issues.apache.org/jira/browse/DERBY-5442
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Documentation
>            Reporter: Dag H. Wanvik
>            Assignee: Kim Haase
>             Fix For:
>         Attachments: DERBY-5442.diff, DERBY-5442.stat, DERBY-5442.zip

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message