java.io.File.setReadable(false) has no effect inside docker

java files 8
setreadable java
java 11 files
java paths
what does java io file do
java files walk
java files delete
java files move

The following code succeeds on Ubuntu 18.04 with OpenJDK 8, but fails inside the Docker image maven:3-jdk-8-slim which is based on OpenJDK 8:

String userHome = System.getProperty("user.home");
System.out.println(String.format("system property user.home: %s",
        userHome));
File file = new File(userHome, "file");
if(!file.createNewFile()) {
    throw new IOException("test arrangement failed");
}
if(!file.setReadable(false)) {
    throw new IOException("test arrangement failed");
}
assertFalse(file.canRead());

Failure details:

java.lang.AssertionError
    at org.junit.Assert.fail(Assert.java:86)
    at org.junit.Assert.assertTrue(Assert.java:41)
    at org.junit.Assert.assertFalse(Assert.java:64)
    at org.junit.Assert.assertFalse(Assert.java:74)
    at de.richtercloud.docker.java.file.readability.TheTest.testSomeMethod(TheTest.java:23)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
    at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
    at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
    at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
    at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
    at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
    at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)

which refers to the assertFalse(file.canRead()) assertion. This assertion should pass because file.setReadable(false) returned true and thus succeeded.

I reproduced the issue in a SSCCE with the Docker-based GitLab CI, so that detailed output can be found at https://gitlab.com/krichter/docker-java-file-readability/-/jobs/203311757. The SSCCE does not contain more information than the above code excerpt, but makes local investigation easier.

I'm looking for an explanation, not a workaround.


The documentation of File.canRead() contains a note that its result may be confusing:

public boolean canRead()

Tests whether the application can read the file denoted by this abstract pathname. On some platforms it may be possible to start the Java virtual machine with special privileges that allow it to read files that are marked as unreadable. Consequently this method may return true even though the file does not have read permissions.

Under docker processes usually run as root giving them privileges unseen by regular users.

Proof that root can read files lacking read permission:

$ echo abcd > somefile
$ ls -l somefile 
-rw-rw-r-- 1 leon leon 5 Aug 26 21:43 somefile

$ cat somefile
abcd

$ chmod a-rw somefile 
$ ls -l somefile 
---------- 1 leon leon 5 Aug 26 21:43 somefile

$ cat somefile
cat: somefile: Permission denied

$ sudo cat somefile
abcd

java.io.File.setReadable(false) has no effect inside docker, I've seen similar results. Files.getPosixFilePermissions will return the expected values, but Files.isReadable and File canRead will return true  Home » Java » java.io.File.setReadable(false) has no effect inside docker java.io.File.setReadable(false) has no effect inside docker Posted by: admin October 22, 2018 Leave a comment


I've seen similar results. Files.getPosixFilePermissions will return the expected values, but Files.isReadable and File canRead will return true when false is "expected"

Adding the userID to the docker command line fixes it for me. Possibly it;s the default user of root that's the issue

java.io.File.setReadable(false) has no effect inside docker , java.io.File.setReadable(false) has no effect inside docker. Posted by: admin August 16, 2018 Leave a comment. Questions: The following code succeeds on  11 java.io.File.setReadable(false) has no effect inside docker Jul 28 '18 9 How to specify an optional regex group with a newline character in checkstyle's RegexpHeader? Oct 21 '15


This assertion should pass because File.canRead() should return false after File.setReadable(false).

Only if setReadable() returns true. As you threw away the return code, instead of acting on it, your tedt is invalid.

File (Java Platform SE 8 ), By default the classes in the java.io package always resolve relative boolean, setReadable(boolean readable, boolean ownerOnly) if and only if the file denoted by this abstract pathname exists and is a directory; false Invoking this method to delete a file or directory that is already registered for deletion has no effect. Requests that the file or directory denoted by this abstract pathname be deleted when the virtual machine terminates. Files (or directories) are deleted in the reverse order that they are registered. Invoking this method to delete a file or directory that is already registered for deletion has no effect.


Java.io.File.setReadable() Method, ownerOnly − The read permission applies only to the owner's read permission if ownerOnly is set to true; else false. Return Value. This method returns true if the  This is a bug report This is a feature request I searched existing issues before opening this one Expected behavior Docker ignores directory which is specified in .dockerignore and proceeds with building an image.


user207421, java.io.File.setReadable(false) has no effect inside docker, 0.00. What is the working directory of my C++ program? -0.03. python-ldap unable to do any basic​  I know I can override this with --dns option and I do that now because I have no choice. But it was really convenient to just set up /etc/hosts real quick and go. Steps to reproduce the behavior. Update docker to version 18.09, add record to /etc/hosts locally, ping that domain from container. Output of docker version:


User Leon, How does template argument deduction work when an overloaded function is java.io.File.setReadable(false) has no effect inside docker · stackoverflow.com. Questions: Could anyone help me this issue? how can I protect source codes api my android app -keep public class package uz.telecom.camera -keep public class MainActivity extends AppCompatActivity -keep public class Objects extends Activity -keep public class Camera extends Activity -keep public class CameraPlay extends Activity -dontnote com.android.vending.licensing.ILicensingService -keep