diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index 8f421f4bb0f..a30608aa04f 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java @@ -118,25 +118,25 @@ final class Security { static Permissions createPermissions(Environment environment) throws IOException { Permissions policy = new Permissions(); // read-only dirs - addPath(policy, environment.binFile(), "read,readlink"); - addPath(policy, environment.libFile(), "read,readlink"); - addPath(policy, environment.pluginsFile(), "read,readlink"); - addPath(policy, environment.configFile(), "read,readlink"); - addPath(policy, environment.scriptsFile(), "read,readlink"); + addPath(policy, "path.home", environment.binFile(), "read,readlink"); + addPath(policy, "path.home", environment.libFile(), "read,readlink"); + addPath(policy, "path.plugins", environment.pluginsFile(), "read,readlink"); + addPath(policy, "path.conf", environment.configFile(), "read,readlink"); + addPath(policy, "path.scripts", environment.scriptsFile(), "read,readlink"); // read-write dirs - addPath(policy, environment.tmpFile(), "read,readlink,write,delete"); - addPath(policy, environment.logsFile(), "read,readlink,write,delete"); + addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete"); + addPath(policy, "path.logs", environment.logsFile(), "read,readlink,write,delete"); if (environment.sharedDataFile() != null) { - addPath(policy, environment.sharedDataFile(), "read,readlink,write,delete"); + addPath(policy, "path.shared_data", environment.sharedDataFile(), "read,readlink,write,delete"); } for (Path path : environment.dataFiles()) { - addPath(policy, path, "read,readlink,write,delete"); + addPath(policy, "path.data", path, "read,readlink,write,delete"); } for (Path path : environment.dataWithClusterFiles()) { - addPath(policy, path, "read,readlink,write,delete"); + addPath(policy, "path.data", path, "read,readlink,write,delete"); } for (Path path : environment.repoFiles()) { - addPath(policy, path, "read,readlink,write,delete"); + addPath(policy, "path.repo", path, "read,readlink,write,delete"); } if (environment.pidFile() != null) { // we just need permission to remove the file if its elsewhere. @@ -145,10 +145,20 @@ final class Security { return policy; } - /** Add access to path (and all files underneath it */ - static void addPath(Permissions policy, Path path, String permissions) throws IOException { - // paths may not exist yet - ensureDirectoryExists(path); + /** + * Add access to path (and all files underneath it) + * @param policy current policy to add permissions to + * @param configurationName the configuration name associated with the path (for error messages only) + * @param path the path itself + * @param permissions set of filepermissions to grant to the path + */ + static void addPath(Permissions policy, String configurationName, Path path, String permissions) { + // paths may not exist yet, this also checks accessibility + try { + ensureDirectoryExists(path); + } catch (IOException e) { + throw new IllegalStateException("Unable to access '" + configurationName + "' (" + path + ")", e); + } // add each path twice: once for itself, again for files underneath it policy.add(new FilePermission(path.toString(), permissions)); diff --git a/core/src/main/java/org/elasticsearch/bootstrap/StartupError.java b/core/src/main/java/org/elasticsearch/bootstrap/StartupError.java index ee24b4d119d..f48b0833221 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/StartupError.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/StartupError.java @@ -59,10 +59,7 @@ class StartupError extends RuntimeException { cause = getFirstGuiceCause((CreationException)cause); } - String message = cause.getMessage(); - if (message == null) { - message = "Unknown Error"; - } + String message = cause.toString(); s.println(message); if (cause != null) { diff --git a/core/src/main/java/org/elasticsearch/plugins/PluginsService.java b/core/src/main/java/org/elasticsearch/plugins/PluginsService.java index e20418ce01b..e036b924360 100644 --- a/core/src/main/java/org/elasticsearch/plugins/PluginsService.java +++ b/core/src/main/java/org/elasticsearch/plugins/PluginsService.java @@ -107,7 +107,7 @@ public class PluginsService extends AbstractComponent { List bundles = getPluginBundles(environment); tupleBuilder.addAll(loadBundles(bundles)); } catch (IOException ex) { - throw new IllegalStateException(ex); + throw new IllegalStateException("Unable to initialize plugins", ex); } plugins = tupleBuilder.build(); @@ -279,9 +279,10 @@ public class PluginsService extends AbstractComponent { } static List getPluginBundles(Environment environment) throws IOException { - ESLogger logger = Loggers.getLogger(Bootstrap.class); + ESLogger logger = Loggers.getLogger(PluginsService.class); Path pluginsDirectory = environment.pluginsFile(); + // TODO: remove this leniency, but tests bogusly rely on it if (!isAccessibleDirectory(pluginsDirectory, logger)) { return Collections.emptyList(); } diff --git a/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java b/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java index 0106f2a103d..83ae87580bb 100644 --- a/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java +++ b/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java @@ -101,7 +101,7 @@ public class BootstrapForTesting { } } // java.io.tmpdir - Security.addPath(perms, javaTmpDir, "read,readlink,write,delete"); + Security.addPath(perms, "java.io.tmpdir", javaTmpDir, "read,readlink,write,delete"); // custom test config file if (Strings.hasLength(System.getProperty("tests.config"))) { perms.add(new FilePermission(System.getProperty("tests.config"), "read,readlink")); diff --git a/core/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java b/core/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java index 66abc4a77df..eaa2592b768 100644 --- a/core/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java +++ b/core/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java @@ -244,7 +244,7 @@ public class SecurityTests extends ESTestCase { assumeNoException("test cannot create symbolic links with security manager enabled", e); } Permissions permissions = new Permissions(); - Security.addPath(permissions, link, "read"); + Security.addPath(permissions, "testing", link, "read"); assertExactPermissions(new FilePermission(link.toString(), "read"), permissions); assertExactPermissions(new FilePermission(link.resolve("foo").toString(), "read"), permissions); assertExactPermissions(new FilePermission(target.toString(), "read"), permissions);