Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Code Block
Path file = new File("file").toPath();

// Throw exception rather than overwrite existing file
Set<OpenOption> options = new HashSet<OpenOption>();

// File permissions should be such that only user may read/write file
Set<PosixFilePermission> perms =
FileAttribute<Set<PosixFilePermission>> attr =

try (SeekableByteChannel sbc =
         Files.newByteChannel(file, options, attr)) {
  // Write data


FIO01-J-EX0: When a file is created inside a directory that is both secure and unreadable by untrusted users, that file may be created with the default access permissions. This could be the case if, for example, the entire file system is trusted or is accessible only to trusted users (see FIO00-J. Do not operate on files in shared directories for the definition of a secure directory).

FIO01-J-EX1: Files that do not contain privileged information need not be created with specific access permissions.


SEI CERT C++ Coding Standard

VOID FIO06-CPP. Create files with appropriate access permissions

SEI CERT C Coding Standard

FIO06-C. Create files with appropriate access permissions

ISO/IEC TR 24772:2010

Missing or Inconsistent Access Control [XZN]


CWE-279, Incorrect Execution-Assigned Permissions
CWE-276, Incorrect Default Permissions
CWE-732, Incorrect Permission Assignment for Critical Resource