set permissions for temporary directory (#4882)

Author: vladak

opengrok-indexer/src/main/java/org/opengrok/indexer/history/SSCMRepository.java

@@ -30,7 +30,6 @@
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.Reader;
-import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -44,6 +43,7 @@
 import org.opengrok.indexer.configuration.RuntimeEnvironment;
 import org.opengrok.indexer.logger.LoggerFactory;
 import org.opengrok.indexer.util.Executor;
+import org.opengrok.indexer.util.IOUtils;
 
 /**
  * Access to Surround SCM repository.
@@ -178,9 +178,8 @@ History getHistory(File file, String sinceRevision)
     boolean getHistoryGet(OutputStream out, String parent, String basename, String rev) {
 
         File directory = new File(parent);
-
         try {
-            final File tmp = Files.createTempDirectory("opengrokSSCMtmp").toFile();
+            final File tmp = IOUtils.createTemporaryDirectory("opengrokSSCMtmp");
             String tmpName = tmp.getCanonicalPath();
 
             List<String> argv = new ArrayList<>();
@@ -236,6 +235,7 @@ boolean getHistoryGet(OutputStream out, String parent, String basename, String r
             LOGGER.log(Level.SEVERE, "Failed to get file", exception);
         }
 
+
         return false;
     }
 

opengrok-indexer/src/main/java/org/opengrok/indexer/util/IOUtils.java

@@ -38,13 +38,18 @@
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import org.apache.commons.lang3.SystemUtils;
 import org.jetbrains.annotations.NotNull;
 import org.opengrok.indexer.logger.LoggerFactory;
 
@@ -303,4 +308,31 @@ public static String getFileContent(File file) {
         }
         return "";
     }
+
+    /**
+     * Create temporary directory with permissions restricted to the owner.
+     * @param prefix prefix for the temporary directory name
+     * @return File object
+     * @throws IOException on I/O error or failure to set the permissions
+     */
+    public static File createTemporaryDirectory(String prefix) throws IOException {
+        File tmp;
+        if (SystemUtils.IS_OS_UNIX) {
+            FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.
+                    asFileAttribute(PosixFilePermissions.fromString("rwx------"));
+            tmp = Files.createTempDirectory(prefix, attr).toFile();
+        } else {
+            tmp = Files.createTempDirectory(prefix).toFile();
+            if (!tmp.setReadable(true, true)) {
+                throw new IOException("unable to set read permissions for '" + tmp.getAbsolutePath() + "'");
+            }
+            if (!tmp.setWritable(true, true)) {
+                throw new IOException("unable to set write permissions for '" + tmp.getAbsolutePath() + "'");
+            }
+            if (!tmp.setExecutable(true, true)) {
+                throw new IOException("unable to set executable permissions for '" + tmp.getAbsolutePath() + "'");
+            }
+        }
+        return tmp;
+    }
 }