Permissions on log files created by log4j RollingFileAppender

java log4j file-permissions rollingfileappender
Ken Waln picture Ken Waln · Oct 25, 2011 · Viewed 33.4k times · Source

How are the permissions for files created by RollingFileAppender determined?

I recently changed a daemon process I have to be run as a non-root user and the files are now being created with permissions of 0600 (only readable by the owner), but I would like them to be readable by all or at least members of an admin group (0644 or 0640). Files created by my tomcat apps are always 0644 (readable by all).

I don't know if I inadvertently changed something else or if it is something to do with permissions of that user. I made the parent directory 0777 as a test and it didn't seem to help (it was 0755). Obviously not a big deal since I can sudo to look at them, but rather annoying and it will be a problem if I have to have a customer copy them for me.

Environment is Ubuntu 10.04LTS using jsvc/commons-daemon to run the daemon. In case it matters here is the basics on my log4j config:

<!DOCTYPE log4j:configuration SYSTEM 'log4j.dtd'>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">

<appender name="StdOutAppender" class="org.apache.log4j.ConsoleAppender">
    <!-- only send error / fatal messages to console (catalina.out) -->
    <param name="threshold" value="${log4j.StdOutAppender.threshold}" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>

<appender name="TimeBasedRollingFileAppender" class="org.apache.log4j.rolling.RollingFileAppender">
    <param name="append" value="true" />
    <param name="encoding" value="UTF-8" />
    <param name="threshold" value="${log4j.TimeBasedRollingFileAppender.threshold}" />
    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="${cloud.daemon.log4j.file.config.path}.%d.gz" />
    </rollingPolicy>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>
....

Answer

Brian Roach picture Brian Roach · Oct 25, 2011

File permissions are determined by the user's umask - there's not a way to change it in log4j itself.

You probably want to set the user's umask to 0117

$ umask -S 0117
u=rw,g=rw,o=

Related questions

No appenders could be found for logger(log4j)?

I have put log4j to my buildpath, but I get the following message when I run my application: log4j:WARN No appenders could be found for logger (dao.hsqlmanager). log4j:WARN Please initialize the log4j system …

Read More
Where should I put the log4j.properties file?

I wrote a web service project using netbeans 6.7.1 with glassfish v2.1, put log4j.properties to the root dir of project and use: static Logger logger = Logger.getLogger(MyClass.class); in Constructor: PropertyConfigurator.configure("log4j.properties"); and in functions: …

Read More
log4j:WARN No appenders could be found for logger in web.xml

I already put the log4jConfigLocation in web.xml, but I still get the following warning: log4j:WARN No appenders could be found for logger ⤦ ⤥ (org.springframework.web.context.ContextLoader). log4j:WARN Please initialize the log4j system …

Read More