If you run with Java SE 7 or later, and if you start the Derby Network Server from the command line, access to databases and to other files created by Derby is by default restricted to the operating system account that started the Network Server. File access is not restricted for embedded databases or for databases managed by servers that are started programmatically inside application code using the Derby API.
You can override this default behavior by setting the system property derby.storage.useDefaultFilePermissions to either true or false:
If you use a version of Java SE earlier than Java SE 7, this property is ignored, and Derby uses the default file permissions the user has set for their system.
The two tables that follow show how file access works with Java SE 6 and with Java SE 7 and later JVMs. In both tables,
The following table shows how file access works on Java SE 6 systems.
Property Setting | Server Started from Command Line | Server Started Programmatically or Embedded |
---|---|---|
Not applicable | Environment | Environment |
The following table shows how file access works on Java SE 7 and later systems with various settings of the derby.storage.useDefaultFilePermissions property.
Property Setting | Server Started from Command Line | Server Started Programmatically or Embedded |
---|---|---|
No property specified | Restricted | Environment |
Property set to true | Environment | Environment |
Property set to false | Restricted | Restricted |
For more information, see "Controlling database file access" in the Derby Server and Administration Guide.
By default, this property is not set.
derby.storage.useDefaultFilePermissions=true
Dynamic. Existing files will keep their previous permissions, but files created after the property is set will have the permissions specified by the property. If you want all the files in the database to have the same permissions, do not change the property while Derby is running.
For information about dynamic changes to properties, see Dynamic and static properties.