If you run with Java SE 7 or later, and if you start the
Network Server from the
command line, access to databases and to other files created by
is by default
restricted to the operating system account that started the Network Server. File
access is not restricted for embedded databases or for databases managed by
servers that are started programmatically inside application code using the
API.
You can override this default behavior by setting the system property
derby.storage.useDefaultFilePermissions to either true or false.
If you run with the Java SE 6 platform, this property is
ignored, and uses the
default file permissions the user has set for their system.
The two tables that follow show how file access works with Java SE 6 and with
Java SE 7 and later JVMs. In both tables,
- "Environment" means that access is controlled entirely by the JVM
environment and the file location only (that is, by the umask setting on UNIX
and Linux systems and by the default file permissions on Windows NTFS).
- "Restricted" means that
restricts access to the
operating system account that started the JVM.
The following table shows how file access works on Java SE 6 systems.
File access on Java SE 6 systems
This table shows how access to files is controlled on Java SE 6 systems.
Property Setting
Server Started from Command Line
Server Started Programmatically or Embedded
Not applicable
Environment
Environment
The following table shows how file access works on Java SE 7 and later
systems with various settings of the
derby.storage.useDefaultFilePermissions property.
File access on Java SE 7 and later systems
This table shows how access to files is controlled on Java SE 7 and later systems.
Property Setting
Server Started from Command Line
Server Started Programmatically or Embedded
No property specified
Restricted
Environment
Property set to true
Environment
Environment
Property set to false
Restricted
Restricted
For more information, see "Restricting file permissions" in the
.
Dynamic or static
Dynamic. Existing files will keep their previous permissions, but files
created after the property is set will have the permissions specified by the
property. If you want all the files in the database to have the same
permissions, do not change the property while
is running.
For information about dynamic changes to properties, see
.