Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mr0w6-0000nN-MN for pljava-dev@arkaria.postgresql.org; Sat, 27 Nov 2021 16:52:26 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1mr0w5-00029f-II for pljava-dev@arkaria.postgresql.org; Sat, 27 Nov 2021 16:52:25 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mr0w5-00029W-0O for pljava-dev@lists.postgresql.org; Sat, 27 Nov 2021 16:52:25 +0000 Received: from anastigmatix.net ([68.171.219.55]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mr0vw-0002Vr-HP for pljava-dev@lists.postgresql.org; Sat, 27 Nov 2021 16:52:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=anastigmatix.net; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=kzTnhiC7WSm7GCQEziDhZwydb15FqMTw7OWsNyKYgqo=; b=lqyzeoAbX881wRRnqQfxyNFzDn 5csEv/Mi6WL0oeJHblvMhIsaIMcY4WOsD1GEBq0VbWCwzueeUlzZTNr0leIXDgVgz0eHkOQD7B3IV 60WJsbDJy8IKNl3hyad/Zs+uO89GxjDbpicZUrEChhAZBW5O5LqfKHFWABoVkROqXr01JFFZywFWN VXNGMl8bJL5Bhkjvlv3NUWMUxs4WnyCShOXz/Ktavzl79O/gop4lMMoBJXfKC27TwMNRuavGFmPX3 T7yQ8IdxaHUe+jSZG8FzIYlTIyrD83Q8YIAxgbtJNSATeh7+anKMfzc/mSlwwvvHIbKm09zy9OEI/ dxNkOTHQ==; Received: from [184.19.31.139] (port=43295) by bay.acenet.us with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1mr0vt-00HTaU-3R for pljava-dev@lists.postgresql.org; Sat, 27 Nov 2021 11:52:13 -0500 Subject: Re: why can't I create a file in the pl/java? To: pljava-dev@lists.postgresql.org References: From: Chapman Flack Message-ID: <61A2623C.4070601@anastigmatix.net> Date: Sat, 27 Nov 2021 11:52:12 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - bay.acenet.us X-AntiAbuse: Original Domain - lists.postgresql.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - anastigmatix.net X-Get-Message-Sender-Via: bay.acenet.us: authenticated_id: chap@anastigmatix.net X-Authenticated-Sender: bay.acenet.us: chap@anastigmatix.net X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 11/27/21 09:14, 595926716 wrote: > I tried to create a temporary file in the program, it could not be created, > my code: > File.createTempFile("tmp", "txt"); > reported an error when I ran it in the PostgreSQL >> ERROR: java.sql.SQLDataException: Unable to create temporary file > > How do I create temporary files? please help me, thank you! Hello, I see from the further details in your GitHub issue that the function in question looks like this: @Function public static String hello(String toWhom) throws Exception { File f = File.createTempFile("tmp", ".txt"); return "test"; } When you use @Function without a trust= element[1], that element defaults to SANDBOXED, and will prevent your function from opening files. Because this is PL/Java 1.6, you have a variety of options for doing what you want. The simplest would be to simply change the annotation to @Function(trust=UNSANDBOXED), and then PL/Java will not apply any file-access restrictions. (The underlying OS permissions will continue to apply.) The "UNSANDBOXED" setting does not really mean there are no limits applied to the code. In fact, "SANDBOXED" and "UNSANDBOXED" apply pretty much exactly the same limits, with the *only* difference being that the "UNSANDBOXED" policy includes permission java.io.FilePermission "<>", "read,write,delete,readlink"; and the "SANDBOXED" policy does not. If you did not want to give your function those broad permissions on all files, you could also edit the pljava.policy file and add a permission to the policy for PLPrincipal$Sandboxed *. For example, you could add something like: permission java.io.FilePermission "${java.io.tmpdir}/*", "read,write,delete"; and then you could create functions in the default "SANDBOXED" languge and they would still be able to use files in the temporary directory, but not other files. If you wanted only certain functions to be able to do that, you could go further and create a new "alias Java language"[2], such as java_with_tempfiles, and you could edit the policy file to grant the new permission only to that "language". Then you could use @Function(language="java_with_tempfiles") on the functions that will need that permission, and other functions will default to the "SANDBOXED" language and will not have it. This page [3] gives the details of configuring permissions in PL/Java. You will see an important note at the end of that page about Java changes coming (in versions after Java 17) that will require some of the details to eventually change. Regards, -Chap [1] https://tada.github.io/pljava/pljava-api/apidocs/org.postgresql.pljava/org/postgresql/pljava/annotation/Function.html#trust() [2] https://tada.github.io/pljava/pljava/apidocs/org.postgresql.pljava.internal/org/postgresql/pljava/management/Commands.html#alias_java_language [3] https://tada.github.io/pljava/use/policy.html