read permission to a file created by weblogic

we have our weblogic server . we deploy application in this server.Suppose I deploy an application Myapp.

this Myapp application creates a log file inside domain folder.this file is dynamically generated when applciation starts.My sys admin says he cannot give read persmission to this file , I am not a linux guy and want to know if there will be any trouble giving read permission to a file created by weblogic, which could be there or may not be there ?

suppose I delete Myapp from weblogic it also deletes the file so the file may be there or may not be there , in such case can a non admin user be given permissions to read this file ?

Did you write the app yourself? You could include a servlet that reads the log file and returns it to the browser.

Peter Johnson wrote:Did you write the app yourself? You could include a servlet that reads the log file and returns it to the browser.

I cannot log into production

ok here is my log4j

<appender name="A1" class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
Print the date in ISO 8601 format
<param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n"/>
</layout>
</appender>

<appender name="A2" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="[b]./log/audit.log"/> [/b]

<param name="Append" value="true"/>
<param name="MaxFileSize" value="500KB"/>
<param name="MaxBackupIndex" value="1"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n"/>
</layout>
</appender>

so this would create a log4j some where inside weblogic. I just need read permission to this file.
About creating servlet I cannot do that becasue our app is an intranet app and everything is secured and I will not be given a user to access the servlet .

please tell me is it so difficult in linux to give read permissions ?

The only way you can get read permission to that log file is if the admin gives you that permission.

The only other possibility I can think of is to deploy an app that reads the log file. So if you cannot sign into MyApp, ask your admin if you can deploy another app that contains a servlet that reads the log file.

Another possibility is to ask the admin to write a script that periodically copies the log file into another location from where you can read the file.

Since you have access to the log4j configuration file, perhaps you could write the log file to another directory where you do have permissions to read the file?

If you change the log file location, make sure that it is not on a remote file system! That is, it should be to a location on the same system as WLS.

Peter Johnson wrote:The only way you can get read permission to that log file is if the admin gives you that permission.

The only other possibility I can think of is to deploy an app that reads the log file. So if you cannot sign into MyApp, ask your admin if you can deploy another app that contains a servlet that reads the log file.

Another possibility is to ask the admin to write a script that periodically copies the log file into another location from where you can read the file.

if admin gives me read permissions and suppose my app was deleted from weblogic so this file is also got deleted and next time my app starts it creates a new file, in this case will my read permission still work? , my admin says it will not

my admin says it will not

I get the feeling that you are trying to second guess your admin, or even prove him (or her) wrong.

If you tell your admin your requirements I am sure that he can come up with a solution whereby you can access the log file.

srini carry wrote:if admin gives me read permissions and suppose my app was deleted from weblogic so this file is also got deleted and next time my app starts it creates a new file, in this case will my read permission still work? , my admin says it will not

Your admin is almost certainly correct.

You probably want to tell your admin that according to your current configuration your log file gets replaced on a regular basis, and only one backup is kept. Given this, there is little the admin can do to the log file itself that will be of any good to you - whatever they do will be done to a logfile that will be rotated out in short order.

Normally I would do exactly what Peter is suggesting: give your admin your requirements and let them come up with a solution that meets their needs in having a secure, reliable environment. That is what admins are good at.

If I were in the position of the admin, I would be considering whether you could be added to the same group as the (pseudo) user that start WebLogic. That might fix the problem in the easiest manner with little difficulties. However there may be security issues related to that which might prevent that.

Have you told your admin that you have the ability to configure the location of the logfile? And perhaps equally importantly, that you can create more than one log file simultaneously in different locations?

Given that, I would consider having your application create an additional log file in a fixed directory that is separate from the WebLogic directory structure. As Peter mentions this should be on the same system as your Web Logic server. I would then set the group ID bit on this additional directory so that your applications log files are automatically owned by the group you belong to. Since this permission is being set on the directory, and the directory is external to WebLogic, it does not matter whether your application is deleted from the WLS container - it is the directory itself that matters.

I agree with Andrew... You should ask you admin to come up with a solution.