set permissions for temporary files (#4883)

Author: vladak

opengrok-indexer/src/main/java/org/opengrok/indexer/history/ClearCaseRepository.java

@@ -38,6 +38,7 @@
 import org.opengrok.indexer.configuration.RuntimeEnvironment;
 import org.opengrok.indexer.logger.LoggerFactory;
 import org.opengrok.indexer.util.Executor;
+import org.opengrok.indexer.util.IOUtils;
 
 /**
  * Access to a ClearCase repository.
@@ -96,7 +97,7 @@ boolean getHistoryGet(OutputStream out, String parent, String basename, String r
         try {
             String filename = (new File(parent, basename)).getCanonicalPath()
                     .substring(getDirectoryName().length() + 1);
-            final File tmp = File.createTempFile("opengrok", "tmp");
+            final File tmp = IOUtils.createTemporaryFileOrDirectory(false, "opengrok", "tmp");
             String tmpName = tmp.getCanonicalPath();
 
             // cleartool can't get to a previously existing file

opengrok-indexer/src/main/java/org/opengrok/indexer/history/SSCMRepository.java

@@ -179,7 +179,7 @@ boolean getHistoryGet(OutputStream out, String parent, String basename, String r
 
         File directory = new File(parent);
         try {
-            final File tmp = IOUtils.createTemporaryDirectory("opengrokSSCMtmp");
+            final File tmp = IOUtils.createTemporaryFileOrDirectory(true, "opengrokSSCMtmp", null);
             String tmpName = tmp.getCanonicalPath();
 
             List<String> argv = new ArrayList<>();

opengrok-indexer/src/main/java/org/opengrok/indexer/util/IOUtils.java

@@ -311,18 +311,28 @@ public static String getFileContent(File file) {
 
     /**
      * Create temporary directory with permissions restricted to the owner.
+     * @param isDirectory whether this is a file or directory
      * @param prefix prefix for the temporary directory name
+     * @param suffix optional suffix, can be {@code null} for directories
      * @return File object
      * @throws IOException on I/O error or failure to set the permissions
      */
-    public static File createTemporaryDirectory(String prefix) throws IOException {
+    public static File createTemporaryFileOrDirectory(boolean isDirectory, String prefix, String suffix) throws IOException {
         File tmp;
         if (SystemUtils.IS_OS_UNIX) {
             FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.
                     asFileAttribute(PosixFilePermissions.fromString("rwx------"));
-            tmp = Files.createTempDirectory(prefix, attr).toFile();
+            if (isDirectory) {
+                tmp = Files.createTempDirectory(prefix, attr).toFile();
+            } else {
+                tmp = Files.createTempFile(prefix, suffix, attr).toFile();
+            }
         } else {
-            tmp = Files.createTempDirectory(prefix).toFile();
+            if (isDirectory) {
+                tmp = Files.createTempDirectory(prefix).toFile();
+            } else {
+                tmp = Files.createTempFile(prefix, suffix).toFile();
+            }
             if (!tmp.setReadable(true, true)) {
                 throw new IOException("unable to set read permissions for '" + tmp.getAbsolutePath() + "'");
             }

suggester/src/main/java/org/opengrok/suggest/popular/impl/chronicle/ChronicleMapAdapter.java

@@ -23,17 +23,22 @@
 package org.opengrok.suggest.popular.impl.chronicle;
 
 import net.openhft.chronicle.map.ChronicleMap;
+import org.apache.commons.lang3.SystemUtils;
 import org.apache.lucene.util.BytesRef;
 import org.opengrok.suggest.popular.PopularityMap;
 
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map.Entry;
+import java.util.Set;
 import java.util.function.Predicate;
 
 /**
@@ -119,10 +124,27 @@ public void resize(final int newMapSize, final double newMapAvgKey) throws IOExc
             throw new IllegalArgumentException("Cannot resize chronicle map to map with negative key size");
         }
 
-        Path tempFile = Files.createTempFile("opengrok", "chronicle");
+        Path tempFilePath;
+        if (SystemUtils.IS_OS_UNIX) {
+            FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.
+                    asFileAttribute(PosixFilePermissions.fromString("rwx------"));
+            tempFilePath = Files.createTempFile("opengrok", "chronicle", attr);
+        } else {
+            tempFilePath = Files.createTempFile("opengrok", "chronicle");
+            File tempFile = tempFilePath.toFile();
+            if (!tempFile.setReadable(true, true)) {
+                throw new IOException("unable to set read permissions for '" + tempFile.getAbsolutePath() + "'");
+            }
+            if (!tempFile.setWritable(true, true)) {
+                throw new IOException("unable to set write permissions for '" + tempFile.getAbsolutePath() + "'");
+            }
+            if (!tempFile.setExecutable(true, true)) {
+                throw new IOException("unable to set executable permissions for '" + tempFile.getAbsolutePath() + "'");
+            }
+        }
 
         try {
-            map.getAll(tempFile.toFile());
+            map.getAll(tempFilePath.toFile());
 
             String field = map.name();
 
@@ -136,10 +158,10 @@ public void resize(final int newMapSize, final double newMapAvgKey) throws IOExc
                     .entries(newMapSize)
                     .keyReaderAndDataAccess(BytesRefSizedReader.INSTANCE, new BytesRefDataAccess())
                     .createPersistedTo(chronicleMapFile);
-            m.putAll(tempFile.toFile());
+            m.putAll(tempFilePath.toFile());
             map = m;
         } finally {
-            Files.delete(tempFile);
+            Files.delete(tempFilePath);
         }
     }