Question: I'm looking for a way to configure Java to create new files with a particular permission set by default.
Problem: I have a Spring Boot app which uses the following:
All of these libraries create new files on the local file system, and when they do, they produce world-writeable files (666 for files and 777 for directories). I have seen this on macOS 10.13 (user has "umask 0022") and on Amazon Linux (user has "umask 0002").
If I were directly managing the creation of the files, I could do what I need with PosixFilePermission, but since file creation is delegated to the libraries, I don't have that opportunity. I could potentially set a timer to discover new files and set the permissions directly, but I'm not wild about that approach.
Log4J2 v2.9 added a filePermissions field to RollingFileAppender, so I have hope for one of my problems, but I'm not able to find something similar for H2 or Ehcache. Ideally, I'd like to do this at the JVM/Boot level for simplicity and future-proofing.
Turns out this is a red herring. The issue is not with Java, it's with the YAJSW service wrapper that launches the Java process. YAJSW has several parameters for setting umask, including on the child process, but they are not implemented yet. Launching the app outside of YAJSW produces files that obey the user's umask.
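
A startup probe for the situation described above, as an added example that is not part of the original post: it creates a file and a directory through plain java.io and reports the resulting modes and the umask they imply, so a JVM started by a launcher with a cleared umask is caught early. The class name `UmaskProbe` and the scratch file names are hypothetical, and the code assumes a POSIX file system.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

// Hypothetical diagnostic class (added example, not from the original post).
public class UmaskProbe {

    // Convert a permission set to an octal mode; enum order is OWNER_READ .. OTHERS_EXECUTE.
    static int toMode(Set<PosixFilePermission> perms) {
        int mode = 0;
        for (PosixFilePermission p : perms) {
            mode |= 1 << (8 - p.ordinal());
        }
        return mode;
    }

    public static void main(String[] args) throws IOException {
        // The scratch directory itself is created 0700 by the JDK; only its children are probed.
        Path scratch = Files.createTempDirectory("umask-probe");
        File file = new File(scratch.toFile(), "probe.txt");
        File dir = new File(scratch.toFile(), "probe.d");
        boolean worldWritable;
        try {
            // java.io requests 0666 for files and 0777 for directories; the kernel then
            // clears the bits set in the umask this JVM inherited from its launcher.
            try (FileOutputStream out = new FileOutputStream(file)) {
                out.write('x');
            }
            if (!dir.mkdir()) {
                throw new IOException("could not create " + dir);
            }
            int fileMode = toMode(Files.getPosixFilePermissions(file.toPath()));
            int dirMode = toMode(Files.getPosixFilePermissions(dir.toPath()));
            int umask = 0777 & ~dirMode; // a directory exposes all nine umask bits
            System.out.printf("file=%03o dir=%03o inherited umask=%03o%n", fileMode, dirMode, umask);
            worldWritable = ((fileMode | dirMode) & 0002) != 0;
        } finally {
            file.delete();
            dir.delete();
            Files.delete(scratch);
        }
        if (worldWritable) {
            System.err.println("WARNING: new files are world-writable; check the launcher's umask");
            System.exit(1);
        }
    }
}
```

Running it once from a normal shell and once under the service wrapper shows whether the two launch paths hand the JVM different umasks.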