| Author |
log4j generated file permission
|
Adelwin Handoyo
Greenhorn
Joined: Oct 19, 2011
Posts: 2
|
|
guys,
a question.
i have a unix aix server running 4 processes.
3 batch processes, and 1 weblogic
each has its own user profile to run each process.
all has its own .profile file, but without umask setting
the default umask in /etc/profile is 022
this would mean that all generated files (including log4j log files) should have permission of -|rw-|r--|r-- (644)
this holds true for 3 profiles running batch jobs.
but the logs generated by a web application in weblogic server with log4j is always at -|rw-|r--|--- (640)
i already tried logging in as the weblogic user, and touched a file, to test the umask setting
the new file was generated at 644, so the umask is correct.
my question is, why the log4j for the web-application running in weblogic is always 640?
is there any way to do this in log4j? meaning to set a custom file permission from inside log4j..
all the other files besides log4j log files are generated fine with permission at 644..
only log4j log files are generated with permission at 640
|
 |
Maneesh Godbole
Saloon Keeper
Joined: Jul 26, 2007
Posts: 7602
|
|
Welcome to the Ranch.
I think this question would be more suitable on the Linux forum. Moving...
|
[Donate a pint, save a life!] [How to ask questions]
|
|
Adelwin Handoyo
Greenhorn
Joined: Oct 19, 2011
Posts: 2
|
|
found the answer already.
by default, weblogic's startWebLogic.sh is changing the umask
now, why would they do that...
|
|
Andrew Monkhouse
author and jackaroo
Marshal Commander
Joined: Mar 28, 2003
Posts: 9982
|
|
People have a nasty habit of putting far more information in the log files than they should have.
If you stuck with your default permissions, anyone who has access to the box will be able to read the log files, and read anything that any app put in it, no mater how confidential.
The permissions set by weblogic are far more logical - only the user who started weblogic can write to the log file (and hopefully the user running weblogic is the user named weblogic - a user specifically created for this task). However since some people may need to read the log file, then those specific individuals can be added to the weblogic group, and they can get to read the log files.
|
The Sun Certified Java Developer Exam with J2SE 5: paper version from Amazon, PDF from Apress, Online reference: Books 24x7 Personal blog
|
|
Tim Holloway
Saloon Keeper
Joined: Jun 25, 2001
Posts: 12513
|
|
One reason that the WebLogic startup sets the umask is that Java historically has not been able to assign file security attributes (access rights, etc.). That's because Java is designe as "write once, run anywhere" and file access control is one of the least portable of all the popular OS services that Java has to deal with.
I believe it's Java 6 that finally relented and added some access control functionality. Or maybe Java 7. However, WebLogic carries its legacy from the older JVMs.
|
One of the most odious afflictions that Business has inflicted on the modern English language is "pro-active". Most of the time it's simply redundantly used in place of the simple old word "active". And a good deal of the rest of the time it means "You're not overworked enough yet, so go out and find more!"
|
|
 |
|
|
subject: log4j generated file permission
|
|
|
0
