User identity and permissions

When Adaptive Server starts, the server process executes using the system user ID that started the process. For example, if Adaptive Server is started by a system user ID “sybase”:

% ps -Usybase -o user,pid,command
USER      PID   CMD
sybase   20405   /sybase/ASE-15-0/bin/dataserver ...

Thus, all interactions between the Adaptive Server process and the operating system are associated with the system user ID that started Adaptive Server.

In the server, however, the situation is different. Each user logs in to the server with a user ID defined in Adaptive Server. This user ID is distinct from any user ID defined on the host machine—even though it might be expected that a user ID represents the same person on both Adaptive Server and the operating system.

Within the database, users may perform different actions based on the roles assigned to them. It is likely that users logged in to Adaptive Server do not have user accounts on the host machine. Thus, the user account that started the server may be acting as a proxy for any number of database users. For example, suppose two files are to be read by Adaptive Server users (the file permissions are strictly read-only for the owning user, with no access for group or others):

-r--------  1 sybase sybuser    1263 Aug 19 18:54 myfile1.dat
-r--------  1 jdoe   sybuser     952 Aug  7  9:02 myfile2.dat

Suppose the following users log in to Adaptive Server and each runs a Java method that attempts to read these files. The Java file I/O eventually comes down to the functions managed by the host interface:

isql -Usa -P...
isql -Ujdoe -P...
isql -Ujanedoe -P...

The behavior of the underlying read() runtime function is the same for each user. Every user can read myfile1.dat, which is owned by the system user ID “sybase,” because the operating system identifies the server process as owned by that user. However, no user can read myfile2.dat, even though it appears to be owned by one of the database users, because all database user identities are collapsed into the single operating system identity “sybase,” which is associated with the process owner. Thus, file access is denied.
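
The outcome described above can be reproduced with the classic Unix owner/group/other read check, shown here as an added example that is not part of the original documentation or of Adaptive Server. The numeric IDs, the assumption that the server account belongs to group sybuser, and the function names are constructed for illustration; ACLs and mandatory access control are not modelled.

```python
import os
import stat

def can_read(proc_uid, proc_gids, st_uid, st_gid, st_mode):
    """Classic Unix owner/group/other read check on a file's mode bits."""
    if proc_uid == 0:                        # root bypasses the mode bits
        return True
    if proc_uid == st_uid:                   # owner class is decisive, even if
        return bool(st_mode & stat.S_IRUSR)  # group/other bits would allow more
    if st_gid in proc_gids:
        return bool(st_mode & stat.S_IRGRP)
    return bool(st_mode & stat.S_IROTH)

def readable_by(path, proc_uid, proc_gids):
    """Apply can_read() to a real file on the host."""
    st = os.stat(path)
    return can_read(proc_uid, proc_gids, st.st_uid, st.st_gid, st.st_mode)

# Constructed sample data mirroring the listing above; numeric IDs are assumed.
SYBASE_UID, JDOE_UID, SYBUSER_GID = 1001, 1002, 200
FILES = {
    "myfile1.dat": (SYBASE_UID, SYBUSER_GID, 0o100400),
    "myfile2.dat": (JDOE_UID, SYBUSER_GID, 0o100400),
}

def access_matrix(db_logins, server_uid, server_gids):
    """Map each database login to the files its Java method could read.

    The login name is deliberately unused in the check: the kernel only
    sees the credentials of the server process.
    """
    readable = sorted(name for name, (u, g, m) in FILES.items()
                      if can_read(server_uid, server_gids, u, g, m))
    return {login: readable for login in db_logins}

if __name__ == "__main__":
    matrix = access_matrix(["sa", "jdoe", "janedoe"], SYBASE_UID, {SYBUSER_GID})
    for login, files in matrix.items():
        print(f"{login:8s} -> {files}")
```

Calling readable_by() with the server account's real UID and group list against sensitive paths on the host shows what every database user who can run Java file I/O is able to read.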