• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CFExecute java.io.FilePermission Access Denied

Explorer ,
Apr 04, 2017 Apr 04, 2017

Copy link to clipboard

Copied

Hello,

I come here once again seeking help on a problem that I can't find any information about.  I don't have much hope as the last few times I've posted here I have not even gotten a response, but I don't know where else to turn when nothing on web searching is relevant.

I'm trying to get my company upgraded to CF2016 from CF9.  I've gotten around a lot of problems so far, but I've ran into another one.  One part of our software needs to use <cfexecute to run some commands on the server.  Specifically, SVN commands for our deploy to production process.  In CF9 we were able to run <cfexecute without any issues.

In CF2016, when I try to execute a file I'm getting:

An exception occurred when invoking an external process.

The cause of this exception was that: java.security.AccessControlException: access denied ("java.io.FilePermission" "/coldfusion_apps/deployer/test.sh" "execute").

As you can see here, I've created a simple test.sh file for testing purposes.  I've tried dozens of variations of adding java.io.FilePermission "/coldfusion_apps/deployer/*", "read,execute"; to the coldfusion.policy file, as well as the neo_jaas.policy file, and for good measure the default java.policy file and default javaws.policy.  I've also tried adding variations of java.security.AllPermission and other things I've found on the web.  Tried disabling the security manager completely by omitting -Djava.security.manager in the jvm.config file as suggested by some websites, but nope.

The user that coldfusion is run as has full read, write, exeucte access to the directory and file that I'm attempting to cfexecute.  I've even tried setting the file and directory structure to permission 777 (world readable, writable, executable), and still no go.

I cannot figure out what the heck I need to do to make this thing allow executing files...

If anyone can help, it would be greatly appreciated.  Nearing the deadline to have this conversion completed, and if I can't get this working through CF soon, I'm going to have to rewrite our deployer in PHP or something.

Thanks

Views

2.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 04, 2017 Apr 04, 2017

Copy link to clipboard

Copied

Can you post you Sandbox Security configuration (located in the CF administrator)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 04, 2017 Apr 04, 2017

Copy link to clipboard

Copied

Sandbox security is not enabled.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 04, 2017 Apr 04, 2017

Copy link to clipboard

Copied

Seems dangerous to me but I did find something on stackoverflow that may help: java.security.AccessControlException: Access denied (java.io.FilePermission - Stack Overflow

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 06, 2017 Apr 06, 2017

Copy link to clipboard

Copied

Yeah, I found that same result when I was searching and tried it with no luck.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 08, 2017 Apr 08, 2017

Copy link to clipboard

Copied

LATEST

I can understand your desperation. But, whatever you do, don't interfere with the JVM settings. If you do, you will break more things than you will fix.

The exceptions have arisen as a result of the move from ColdFusion 9 to ColdFusion 2016. That corresponds to a move in application server from Jrun to Tomcat. That would suggest that Tomcat is responsible for the exception. Hence the following solution.

Revert all the changes you made, bringing the ColdFusion 2016 installation back to its original state.

Stop ColdFusion 2016. You will now edit the file {CF2016_RUNTIME_DIR}/conf/catalina.policy. (Before you go any further, save a backup of the file.) Open the file in a text editor, and locate an entry in the form,

grant {

    ...

}

Add an extra line to the list of granted permissions, as follows:

grant {

     ...

     permission java.io.FilePermission "/coldfusion_apps/deployer/-", "read,write,delete";

     ...

}

Save the file. Restart ColdFusion 2016.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation