I have been using the Files.getOwner() to try and make a log of folders being made on a network however doing so returns an id as below.
S-1-5-21-1027050117-121514058-1707179805-77926 (Unknown)
What would be the best way to get the login name of the owner instead of the id above?
You can try System.getProperty("user.name"); This will return the environment variable USERNAME.
On Windows 7 with JDK 8 when I run the following Java code
System.out.println(Files.getOwner(Paths.get("C:\\test\\test.txt")));
on a text file I just created, I get the following output:
chris-PC\chris_2 (User)
Where chris-PC is my computer name and chris_2 is my Windows user account. When I googled this problem I found this post where someone has the same issue as you with a samba mapped drive. The response given there is as follows:
As far as I know, this is an internal user ID which Windows displays when it cannot - for >some reason - translate it to the real user name.
I don't know how Samba provides file and folder owners to Windows, but
I'd say that Windows are unable to find that user. That user exists on
unix, it probably doesn't have any relationship to the Windows machine
accessing the share. You'd probably have to set both systems in a way
which would allow them to share user definitions (eg. put them both to
a Windows domain) to be able to display the user name on Windows.
(Just guessing.)
So, I'm not sure if this problem can be reasonably solved.
Related
I am currently working a scenario where we have to create a file in a shared directory in Linux as well as Windows.
I have gone through the following link to achieve it :
https://www.journaldev.com/878/java-write-to-file
https://it.toolbox.com/question/how-to-write-a-file-in-a-network-folder-without-using-ftp-031208
I was able to achieve it in windows network like giving the file name as (\\198.168.1.1\data\files)
But for the Linux first I used NFS to share a particular directory using below links :
https://alvinsim.wordpress.com/2012/06/21/mounting-nfs-from-linux-to-aix/
https://www.tecmint.com/how-to-setup-nfs-server-in-linux/
But got the following exception :
java.io.FileNotFoundException: /data/files (Read-only file system)
I found the following issue resolved in following thread, but I could not succeed :
https://askubuntu.com/questions/197459/how-to-fix-sudo-unable-to-open-read-only-file-system
Any advice is appreciated.
So finally I was able to figure what the problem was.
The entry which I made as per link in /etc/exports file is not sufficient.
We would need to use some options as well like (sync,rw,etc..) for allowing any manual modifications or modifications using any java program.
In my case, I should have used the options (rw,no_root_squash).
And it worked.
As very well explained in :
https://serverfault.com/questions/611007/unable-to-write-to-mount-point-nfs-server-getting-permission-denied/611013#611013?newreg=ce76e9417ca645da9487a5d9ccbf0371
From Docs on :
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-nfs-server-config-exports
root_squash — Prevents root users connected remotely from having root privileges and assigns them the user ID for the user nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the remote server. Alternatively, the no_root_squash option turns off root squashing. To squash every remote user, including root, use the all_squash option.
Inside Jenkins Jobs & Builds folder, I am creating a text file and writing some content through Java program. As I am part of corporate network, I am inside firewall with many security rules where I have been restricted to write/update the program files directory under C: drive. Although I am administrator in my local machine, however the company policies are still applied which is denying me access to write/delete any files from the Jenkins directory. I see Jenkins is nicely reading/modifying/writing any files/folders without any issues which is believed to the typical behavior of Jenkins's USER.
Question 1: Is there any way I can use this Jenkins's user through my code so I can avail access on to these directories?
Question 2: Are there ways to solve this issue through Java code? (Note: I have tried writing a file with Run as Administration java code as well)
Kindly let me know if I am missing any details,.any help is highly appreciated.
It's about the user who launched the jenkins server, who might have the permissions to access the directories.
You can use the same user for your operations if available.
Question 1: Is there any way I can use this Jenkins's user through my code so I can avail access on to these directories?
Jenkins users - Jenkins server can have its own users and privileges can be set for each users differently. You cannot use these users outside of Jenkins server.
You can use the user who launched the Jenkins server, must be a user at OS level.
Question 2: Are there ways to solve this issue through Java code? (Note: I have tried writing a file with Run as Administration java code as well)
Again, only OS level users can be used and not the Jenkins users(users created inside Jenkins server)
If you want your application to run with same credentials as Jenkins user, then hold Shift+Right Click your application, select "Run as different user", provide Jenkins's user credentials and press OK.
If you are launching your Java application from command line, do the Shift+Right Click on the cmd.exe first, and once again select "Run as different user"
If you want to impersonate a Windows user from within code, then you should really reword your question body and title (and remove Jenkins references as it has nothing to do with this). But even in this case, you need to know the credentials of the user you are trying to impersonate
I want my program to start before the user logs into the computer. This means that I would like to start my program before the user logs into the computer by entering the password.
In fact my program is one which senses the person in front of the computer and get him logged into the computer using the password which would have already been provided by the user before. For this I would have to put up a screen during the log in process.
Also please help me out about how use the user password to get him logged in.
You need to install your program in such a way that it run as a service on operating system.
Using a third party tool like advanced installed, you could easily do this. Its as simple as a creating a wizard. Check here - http://www.advancedinstaller.com/user-guide/tutorial-java-service.html#preparing
Regarding your second goal, you perhaps want to build something like a 'Fingerprint login' which is common on laptop PC now-a-days.
In the same manner, you need to have some way to capture an identifying data of the user. say a face recognition through a webcam. Your service should get input from the webcam and able to identify the person. Then using the logon service of the operating system, it may supply the pre-input password to automatically login into the system.
We have a java process running as the local system user on windows that needs to access a file that is owned by another user on the system. From what I understand the local system user should have permissions to impersonate that user. To do this we pass the tid and pid of a program that is accessing the file and get the user information (a token) from that. Then we set the token on the current thread. Something like this:
DuplicateTokenEx(hToken,MAXIMUM_ALLOWED,NULL,SecurityImpersonation,TokenImpersonation,&hTokenDup);
SetThreadToken(NULL, hTokenDup);
Where hToken is obtained by opening the thread and then process via their ids.
The problem is when I try to access a file that is only accesible by the user and no one else I am unable to read it. I get an access denied error. So the question is whether or not I should be able to access this file via impersonation and if so is this the correct to impersonate another user given a threadid and pid. I guess also would I see different behavior between windows 7 and windows xp.
For starters, you should always test the return values of your Windows API calls.
Only then will you be sure that the token has indeed been copied and assigned to your process.
Impersonation requires some privileges, which I'm not really not sure you'd have if you're a simple user. I suspect the DuplicateTokenEx function fails.
Try again with administrator privileges (use the "Run as..." tool), and let us know how it goes.
I'm currently writing a Java application to be used with a Windows-Machine authed with an ActiveDirectory. The application basically only needs to know the user's name and hostname. I know there are
System.getProperty("user.name")
and
java.net.InetAddress.getLocalHost().getHostName()
But I am not sure wether System.getProperty("user.name") will function correctly with the VM running on windows (I searched google and found a lot of threads saying it might not work with windows, as it might return something different, depending on the environment-variables
(and I am currently unable to test it [I'm running ubuntu and archLinux]).
So, I wondered if there is a better and more secure way to handle this and stumbled upon NTSystem .
But NTSystem does not seem to be available on Linux (which I use for developing), which - I think - is due to calling native windows code.
My question would hence be: "Is there a secure way to retrieve the logged in user's name in Windows and if yes - how would you accomplish that?"
user.name is inherently insecure because it can be overridden via -Duser.name=XYZ. This might be an issue for you, or it may not be
Obviously NTSystem won't work on Linux but you mention that you are writing a GUI to be run on Windows. Are you trying to validate the Windows user name of the user? You can do this via NTSystem embedded in the code which runs on the Windows client but not (of course) code which runs under the Linux OS.
Or are you trying to validate them on a Linux server? Perhaps you have a kerberos domain you could do this with? (i.e. if there is a kerberos domain, then you can have a secure, authenticated communication between client and server, ensuring that the client is who they say they are)
EDIT: I may be confused by the fact you are saying that you're writing a Java App "in Linux". I took this to mean a Linux server and Windows client - but possibly you just mean that you are using Lenux as your development environment? In this case, you might think of writing a pluggable identification layer which you can switch between using NTSystem on the Windows box and user.name for testing
Use JNA, com.sun.platform.jna.win32 has a number of methods to do this wrapping the Win32 API. Try Advapi32Util.getUserName or Kernel32Util.getUserNameEx.