
log4j generated file permission

 
Adelwin Handoyo
Greenhorn
Posts: 2
Guys,
a question.

I have a Unix AIX server running 4 processes:
3 batch processes, and 1 WebLogic.
Each has its own user profile to run each process.
All have their own .profile file, but without a umask setting.
The default umask in /etc/profile is 022.

This would mean that all generated files (including log4j log files) should have permission of -|rw-|r--|r-- (644).
This holds true for the 3 profiles running batch jobs.
But the logs generated by a web application in the WebLogic server with log4j are always at -|rw-|r--|--- (640).
I already tried logging in as the WebLogic user and touched a file, to test the umask setting.
The new file was generated at 644, so the umask is correct.

My question is, why are the log4j files for the web application running in WebLogic always 640?
Is there any way to do this in log4j? Meaning, to set a custom file permission from inside log4j.
All the other files besides log4j log files are generated fine with permission at 644.
Only log4j log files are generated with permission at 640.
 
Maneesh Godbole
Saloon Keeper
Posts: 11178
Welcome to the Ranch.
I think this question would be more suitable on the Linux forum. Moving...
 
Adelwin Handoyo
Greenhorn
Posts: 2
Found the answer already.
By default, WebLogic's startWebLogic.sh is changing the umask.
Now, why would they do that...
 
Andrew Monkhouse
author and jackaroo
Marshal Commander
Posts: 11943
People have a nasty habit of putting far more information in the log files than they should have.

If you stuck with your default permissions, anyone who has access to the box will be able to read the log files, and read anything that any app put in it, no matter how confidential.

The permissions set by weblogic are far more logical - only the user who started weblogic can write to the log file (and hopefully the user running weblogic is the user named weblogic - a user specifically created for this task). However since some people may need to read the log file, then those specific individuals can be added to the weblogic group, and they can get to read the log files.
 
Tim Holloway
Saloon Keeper
Posts: 18302
One reason that the WebLogic startup sets the umask is that Java historically has not been able to assign file security attributes (access rights, etc.). That's because Java is designed as "write once, run anywhere" and file access control is one of the least portable of all the popular OS services that Java has to deal with.

I believe it's Java 6 that finally relented and added some access control functionality. Or maybe Java 7. However, WebLogic carries its legacy from the older JVMs.
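
Added example, not part of the original thread: a shell sketch of the effect found above, where a umask set inside a launcher script such as startWebLogic.sh replaces the login default of 022 for every file the server process creates, plus a check for log files that remain readable by everyone. The value 027 and the function names are assumptions; the thread reports only the resulting 640 mode, not the script's actual umask line.

```shell
#!/bin/sh
# Constructed demo: a umask set by a launcher script decides the mode of
# files created by the processes it starts, regardless of /etc/profile.

# Print the symbolic mode (e.g. -rw-r-----) of a file created under umask $1.
# The subshell stands in for the launcher script: the umask set inside it is
# inherited by its children but never leaks back to the calling shell.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        : > "$dir/app.log"   # creation requests 0666; the umask bits are cleared
    )
    # Keep only the 10 mode characters (drops any ACL/SELinux suffix).
    ls -l "$dir/app.log" | cut -c1-10
    rm -rf "$dir"
}

# List regular files under directory $1 that any local user can read,
# which is the exposure a 644 log file carries.
world_readable_logs() {
    find "$1" -type f -perm -004 -print
}

# 022 is the /etc/profile default from the thread; 027 is an assumed
# launcher value that yields the 640 mode reported for the log4j files.
echo "login shell, umask 022: $(mode_under_umask 022)"
echo "launcher,    umask 027: $(mode_under_umask 027)"
```

Running `touch` from an interactive login as the service user tests only the login shell's umask, which is why that check showed 644 while the server kept writing 640.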
 