Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

log4j generated file permission

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
guys,
a question.

i have a unix aix server running 4 processes.
3 batch processes, and 1 weblogic
each has its own user profile to run each process.
all has its own .profile file, but without umask setting
the default umask in /etc/profile is 022

this would mean that all generated files (including log4j log files) should have permission of -|rw-|r--|r-- (644)
this holds true for 3 profiles running batch jobs.
but the logs generated by a web application in weblogic server with log4j is always at -|rw-|r--|--- (640)
i already tried logging in as the weblogic user, and touched a file, to test the umask setting
the new file was generated at 644, so the umask is correct.

my question is, why the log4j for the web-application running in weblogic is always 640?
is there any way to do this in log4j? meaning to set a custom file permission from inside log4j..
all the other files besides log4j log files are generated fine with permission at 644..
only log4j log files are generated with permission at 640
 
Bartender
Posts: 11497
19
Android Google Web Toolkit Mac Eclipse IDE Ubuntu Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch.
I think this question would be more suitable on the Linux forum. Moving...
 
Adelwin Handoyo
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
found the answer already.
by default, weblogic's startWebLogic.sh is changing the umask
now, why would they do that...
 
author and jackaroo
Posts: 12200
280
Mac IntelliJ IDE Firefox Browser Oracle C++ Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
People have a nasty habit of putting far more information in the log files than they should have.

If you stuck with your default permissions, anyone who has access to the box will be able to read the log files, and read anything that any app put in it, no mater how confidential.

The permissions set by weblogic are far more logical - only the user who started weblogic can write to the log file (and hopefully the user running weblogic is the user named weblogic - a user specifically created for this task). However since some people may need to read the log file, then those specific individuals can be added to the weblogic group, and they can get to read the log files.
 
Saloon Keeper
Posts: 27933
198
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One reason that the WebLogic startup sets the umask is that Java historically has not been able to assign file security attributes (access rights, etc.). That's because Java is designe as "write once, run anywhere" and file access control is one of the least portable of all the popular OS services that Java has to deal with.

I believe it's Java 6 that finally relented and added some access control functionality. Or maybe Java 7. However, WebLogic carries its legacy from the older JVMs.
 
sunglasses are a type of coolness prosthetic. Check out the sunglasses on this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic