log4j generated file permission

Adelwin Handoyo

Joined: Oct 19, 2011
Posts: 2
A question.

I have a Unix AIX server running 4 processes:
3 batch processes and 1 WebLogic.
Each has its own user profile to run each process.
All have their own .profile file, but without a umask setting.
The default umask in /etc/profile is 022.

This would mean that all generated files (including log4j log files) should have permissions of -|rw-|r--|r-- (644).
This holds true for the 3 profiles running batch jobs.
But the logs generated by a web application in the WebLogic server with log4j are always at -|rw-|r--|--- (640).
I already tried logging in as the WebLogic user and touched a file to test the umask setting.
The new file was generated at 644, so the umask is correct.

My question is, why is the log4j output for the web application running in WebLogic always 640?
Is there any way to do this in log4j? Meaning, to set a custom file permission from inside log4j.
All the other files besides the log4j log files are generated fine with permissions at 644.
Only the log4j log files are generated with permissions at 640.
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10825

Welcome to the Ranch.
I think this question would be more suitable on the Linux forum. Moving...

Adelwin Handoyo

Joined: Oct 19, 2011
Posts: 2
Found the answer already.
By default, WebLogic is changing the umask.
Now, why would they do that...
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11778

People have a nasty habit of putting far more information in the log files than they should have.

If you stuck with your default permissions, anyone who has access to the box will be able to read the log files, and read anything that any app put in it, no matter how confidential.

The permissions set by weblogic are far more logical - only the user who started weblogic can write to the log file (and hopefully the user running weblogic is the user named weblogic - a user specifically created for this task). However since some people may need to read the log file, then those specific individuals can be added to the weblogic group, and they can get to read the log files.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17417

One reason that the WebLogic startup sets the umask is that Java historically has not been able to assign file security attributes (access rights, etc.). That's because Java is designed as "write once, run anywhere" and file access control is one of the least portable of all the popular OS services that Java has to deal with.

I believe it's Java 6 that finally relented and added some access control functionality. Or maybe Java 7. However, WebLogic carries its legacy from the older JVMs.

An IDE is no substitute for an Intelligent Developer.
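
The behaviour worked out in this thread, as an added example that is not part of any poster's message: a umask is a per-process setting inherited by child processes, so a file touched from a login shell and a file created by a server whose startup sets its own umask end up with different modes. The 027 value is an assumption (one umask that turns a requested 666 into 640; the thread does not state the value WebLogic uses), and the function and file names are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The 027 umask and file names are assumptions.

# mode_of FILE: print the permission string (e.g. -rw-r--r--) as shown by ls -l.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# create_under_umask MASK FILE: create FILE from a child process whose umask is
# MASK, the way a startup script sets umask before launching the JVM.
# The change happens in a subshell, so the caller's umask is untouched.
create_under_umask() {
    (
        umask "$1"
        : > "$2"      # creation requests 0666; the kernel clears the umask bits
    )
    mode_of "$2"
}

# world_readable FILE: succeed if "other" has read permission on FILE.
world_readable() {
    case $(mode_of "$1") in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# compare_login_and_server DIR: reproduce the observation from the thread.
# Prints "<mode from login shell> <mode from server process> <login umask after>".
compare_login_and_server() {
    dir=$1
    umask 022                                     # default from /etc/profile
    touch "$dir/touched-by-hand.log"              # the manual test in the thread
    login_mode=$(mode_of "$dir/touched-by-hand.log")
    server_mode=$(create_under_umask 027 "$dir/server.log")   # assumed server umask
    echo "$login_mode $server_mode $(umask)"
}

workdir=$(mktemp -d)
compare_login_and_server "$workdir"
rm -rf "$workdir"
```

Testing the umask from an interactive login, as the original poster did, only shows what that shell would do; the running server's effective umask is whatever its startup sequence last set.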