
Permissions on log files created by log4j RollingFileAppender


How are the permissions for files created by RollingFileAppender determined?

I recently changed a daemon process I have to be run as a non-root user and the files are now being created with permissions of 0600 (only readable by the owner), but I would like them to be readable by all or at least members of an admin group (0644 or 0640). Files created by my tomcat apps are always 0644 (readable by all).

I don't know if I inadvertently changed something else or if it is something to do with permissions of that user. I made the parent directory 0777 as a test and it didn't seem to help (it was 0755). Obviously not a big deal since I can sudo to look at them, but rather annoying and it will be a problem if I have to have a customer copy them for me.

Environment is Ubuntu 10.04 LTS using jsvc/commons-daemon to run the daemon. In case it matters, here are the basics of my log4j config:

<!DOCTYPE log4j:configuration SYSTEM 'log4j.dtd'>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">

<appender name="StdOutAppender" class="org.apache.log4j.ConsoleAppender">
    <!-- only send error / fatal messages to console (catalina.out) -->
    <param name="threshold" value="${log4j.StdOutAppender.threshold}" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>

<appender name="TimeBasedRollingFileAppender" class="org.apache.log4j.rolling.RollingFileAppender">
    <param name="append" value="true" />
    <param name="encoding" value="UTF-8" />
    <param name="threshold" value="${log4j.TimeBasedRollingFileAppender.threshold}" />
    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="${cloud.daemon.log4j.file.config.path}.%d.gz" />
    </rollingPolicy>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>
....

Solution

  • File permissions are determined by the user's umask - there's not a way to change it in log4j itself.

    You probably want to set the user's umask to 0117

    $ umask -S 0117
    u=rw,g=rw,o=
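The umask arithmetic the answer relies on, as an added example that is not part of the original question or answer. It assumes the JVM requests mode 0666 for a new log file, as shell redirection does, and GNU `stat`/`find` as on Ubuntu; the function names and `daemon.log` are made up for the illustration. The masks compared include the one that produced the 0600 files in the question and the ones that give 0640 and 0644.

```shell
#!/bin/sh
# Added example: how the process umask decides the mode of a new log file.
# Assumption: the creator asks for 0666 and the kernel clears the umask bits.

# Predict the resulting mode: 0666 & ~umask, printed in octal.
predicted_mode() {
    printf '%o\n' $(( 0666 & ~0$1 & 0777 ))
}

# Measure it: create a file in a scratch directory under the given umask.
actual_mode() {
    dir=$(mktemp -d) || return 1
    # The subshell keeps the caller's own umask unchanged.
    ( umask "$1" && : > "$dir/daemon.log" )
    stat -c '%a' "$dir/daemon.log"
    rm -rf "$dir"
}

# List log files that "other" can read or write, which a 0640 policy
# (owner plus admin group only) is meant to rule out.
world_accessible_logs() {
    find "$1" -type f \( -perm -004 -o -perm -002 \)
}

# 0077 -> 600 (the situation in the question), 0027 -> 640,
# 0022 -> 644, 0117 -> 660 (the value suggested in the answer).
for mask in 0077 0027 0022 0117; do
    printf 'umask %s -> predicted %s, actual %s\n' \
        "$mask" "$(predicted_mode "$mask")" "$(actual_mode "$mask")"
done
```

Run `world_accessible_logs` against the daemon's log directory after changing the umask to confirm that no log file ended up readable by every local user.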