Able to delete a file without permissions
Why am I able to delete a file in my Java code despite the Tomcat user not having the deletion permissions?
My server is running the following code, which deletes and recreates a file if it exists:
File fileCSV = new File(filePath);
try {
if (fileCSV.exists()) {
fileCSV.delete();
}
fileCSV.createNewFile();
} catch (IOException ex) {
throw new FooImportException("Error creating new file");
}
It is able to delete the file despite the user used by the server not having deletion permissions - only read and write permissions.
I am certain that these are the relevant permissions, as the code fails on the file creation line without the "Create files / Write data" permissions. However, it does not fail on the deletion line when lacking the "Delete" permission. What might be the reasoning for this?
According to the JavaDocs for File#delete
public boolean delete()
Deletes the file or directory denoted by this abstract pathname. If this pathname denotes a directory, then the directory must be empty in order to be deleted.
Note that theFilesclass defines thedeletemethod to throw anIOExceptionwhen a file cannot be deleted. This is useful for error reporting and to diagnose why a file cannot be deleted.Returns:
trueif and only if the file or directory is successfully deleted;falseotherwise
Throws:
SecurityException- If a security manager exists and itsSecurityManager.checkDelete(java.lang.String)method denies delete access to the file
So, File#delete does not actually throw an Exception when the file can't be deleted, but instead returns a boolean based on the success of the operation.
If the Exception is important to you, then you should use Files#delete instead.
It's important to note - this only solves the question of "why does it not fail" based on the available code, not the question of "would it fail" based on the available file permissions
- How do I find where JDK is installed on my windows machine?
- CORS in Spring Security (Spring Boot 3)
- Illegal base64url character: ' ' when getting claims/decode from token Java JWT Spring Boot
- Java example of using ExecutorService and PipedReader/PipedWriter (or PipedInputStream/PipedOutputStream) for consumer-producer
- Why Joda DateTime gives different result than Java Date?
- Why am I getting "time limit exceeded" error in binary tree level order traversal problem in leetcode?
- do while loop to for each or for loop
- Switch Between 3 Tabs Using Selenium WebDriver with Java
- Lombok added but getters and setters not recognized in Intellij IDEA
- How do I avoid checking for nulls in Java?
- How to get all week dates for given date java
- IntelliJ IDEA stucks at "collecting data" while debug
- Disconnected from the target VM, address: '127.0.0.1:51928', transport: 'socket'
- UnsupportedOperationException when upgrading from Java 17 to Java 21
- Is there a way to get user's UID on Linux machine using java?
- Environment variable to control java.io.tmpdir?
- Why does my file have race conditions, even though I used StandardOpenOption.SYNC?
- JRuby-1.7.19 UDPSocket "initialize: name or service not known" while scanning IP range
- how to debug spring application with gradle
- Could not resolve all files for configuration ':app:androidJdkImage
- I do not understand why the value of smallCountLoopCount changes from 0 to 1 in the code provided. I expect it to remain at 0
- How can I emulate non-blocking i/o in Java using threads
- H2 in Tomcat SqlException locked by another process when embedded mode
- checking java date with postgresql timestamp without timezone
- Read in different data types from file
- Java, sorting analysis. Heapsort, Quicksort1, Quicksort2, Mergesort, given a blackbox
- How to get the YEAR for week of year for a date?
- What's the difference between Instant and LocalDateTime?
- Problems when a non-generic method overrides a generic method
- Binary search for first occurrence of k