setting file permissions on datastore directory #15
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). Once you've signed (or fixed any issues), please reply here with
What to do if you already signed the CLA
Individual signers
Corporate signers
@KatTraxler Thanks for this PR. Can you sign the CLA and update this conversation?
@googlebot I signed it!
…On Tue, Feb 16, 2021 at 10:18 PM google-cla[bot] ***@***.***> wrote:
Thanks for your pull request. It looks like this may be your first
contribution to a Google open source project (if not, look below for help).
Before we can look at your pull request, you'll need to sign a Contributor
License Agreement (CLA).
Thanks @KatTraxler for the PR. Do you think one of the following may be a better solution:
Hi @anantdamle
Option 1: accepting datastore folder as an input parameter. Allows the user to set up protections outside of the code.
Recommendation:
@KatTraxler Thanks for notifying of the bug and proposing a PR. This is a temporary solution. Long-term solution is fixing Issue #8. Will work on building that solution.
You are using the File API to create a directory ('datastore') which ultimately stores OAuth2 credentials. Utilizing methods on the File API, I was able to set the read and write permission on that directory to restrict the permission to the owner of the directory. This change doesn't really fix the issue.
It appears as though the creation of the file which stores the credentials ('StoredCredentials') is being handled by the [com.google.auth.oauth2.UserCredentials](https://googleapis.dev/java/google-auth-library/0.23.0/index.html) class. I don't see any native capability to set file permissions in this library. You might need to migrate to a different method of creating the 'StoredCredentials' file, one that allows more control of the StoredCredentials file, or request an upgrade to the underlying library.
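An added example, not code from this pull request or the project: one way to create the 'datastore' directory with owner-only access in Java, passing the permissions at creation time on POSIX file systems and falling back to the File API setters elsewhere. The class and method names (`DatastoreDirs`, `createOwnerOnly`) are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class DatastoreDirs {

  /** Creates dir (if missing) so that only the owning user can read, write or list it. */
  static Path createOwnerOnly(Path dir) throws IOException {
    boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    if (posix) {
      Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
      // Permissions are passed at creation time, so the directory is never briefly open to others.
      Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(ownerOnly));
      // A directory that already existed keeps its old mode, so set the mode explicitly as well.
      Files.setPosixFilePermissions(dir, ownerOnly);
    } else {
      // Fallback with the java.io.File API: clear each bit for everyone, then grant it to the owner.
      Files.createDirectories(dir);
      File f = dir.toFile();
      // Each setter returns false when the file system cannot enforce the change; fail closed.
      boolean ok = f.setReadable(false, false) & f.setReadable(true, true)
          & f.setWritable(false, false) & f.setWritable(true, true)
          & f.setExecutable(false, false) & f.setExecutable(true, true);
      if (!ok) {
        throw new IOException("could not restrict permissions on " + dir);
      }
    }
    return dir;
  }

  public static void main(String[] args) throws IOException {
    // "datastore" is the directory name from the PR; a temp parent keeps this demo self-contained.
    Path dir = createOwnerOnly(Files.createTempDirectory("demo").resolve("datastore"));
    System.out.println(dir + " created with owner-only access");
  }
}
```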