derby.storage.useDefaultFilePermissions

Function

If you run with Java SE 7 or later, and if you start the Derby Network Server from the command line, access to databases and to other files created by Derby is by default restricted to the operating system account that started the Network Server. File access is not restricted for embedded databases or for databases managed by servers that are started programmatically inside application code using the Derby API.

You can override this default behavior by setting the system property derby.storage.useDefaultFilePermissions to either true or false:

If you use a version of Java SE earlier than Java SE 7, this property is ignored, and Derby uses the default file permissions the user has set for their system.

The two tables that follow show how file access works with Java SE 6 and with Java SE 7 and later JVMs. In both tables,

The following table shows how file access works on Java SE 6 systems.

Table 1. File access on Java SE 6 systems
Property Setting Server Started from Command Line Server Started Programmatically or Embedded
Not applicable Environment Environment

The following table shows how file access works on Java SE 7 and later systems with various settings of the derby.storage.useDefaultFilePermissions property.

Table 2. File access on Java SE 7 and later systems
Property Setting Server Started from Command Line Server Started Programmatically or Embedded
No property specified Restricted Environment
Property set to true Environment Environment
Property set to false Restricted Restricted

For more information, see "Controlling database file access" in the Derby Server and Administration Guide.

Default

By default, this property is not set.

Example

derby.storage.useDefaultFilePermissions=true

Scope

system-wide

Dynamic or static

Dynamic. Existing files will keep their previous permissions, but files created after the property is set will have the permissions specified by the property. If you want all the files in the database to have the same permissions, do not change the property while Derby is running.

For information about dynamic changes to properties, see Dynamic and static properties.

Related reference
derby.authentication.builtin.algorithm
derby.authentication.builtin.iterations
derby.authentication.builtin.saltLength
derby.authentication.ldap.searchAuthDN
derby.authentication.ldap.searchAuthPW
derby.authentication.ldap.searchBase
derby.authentication.ldap.searchFilter
derby.authentication.native.passwordLifetimeMillis
derby.authentication.native.passwordLifetimeThreshold
derby.authentication.provider
derby.authentication.server
derby.connection.requireAuthentication
derby.database.classpath
derby.database.defaultConnectionMode
derby.database.forceDatabaseLock
derby.database.fullAccessUsers
derby.database.noAutoBoot
derby.database.propertiesOnly
derby.database.readOnlyAccessUsers
derby.database.sqlAuthorization
derby.infolog.append
derby.jdbc.xaTransactionTimeout
derby.language.logQueryPlan
derby.language.logStatementText
derby.language.sequence.preallocator
derby.language.statementCacheSize
derby.locks.deadlockTimeout
derby.locks.deadlockTrace
derby.locks.escalationThreshold
derby.locks.monitor
derby.locks.waitTimeout
derby.replication.logBufferSize
derby.replication.maxLogShippingInterval
derby.replication.minLogShippingInterval
derby.replication.verbose
derby.storage.indexStats.auto
derby.storage.indexStats.log
derby.storage.indexStats.trace
derby.storage.initialPages
derby.storage.minimumRecordSize
derby.storage.pageCacheSize
derby.storage.pageReservedSpace
derby.storage.pageSize
derby.storage.rowLocking
derby.storage.tempDirectory
derby.stream.error.extendedDiagSeverityLevel
derby.stream.error.field
derby.stream.error.file
derby.stream.error.logBootTrace
derby.stream.error.logSeverityLevel
derby.stream.error.method
derby.system.bootAll
derby.system.durability
derby.system.home
derby.user.UserName