[
https://issues.apache.org/jira/browse/LOG4J2-1699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierrick HYMBERT updated LOG4J2-1699:
-------------------------------------
Attachment: LOG4J2-1699-2.patch
Hello [~garydgregory],
Please consider this new patch, rebased on master:
# Finally understood the issue with attributes on jenkins, when
*createOnDemand*=false, definition of posix file attributes was not called and
user umask was applied as before (that's why it differed from my redhat for
example)
# As far as most of log4j users are using RollingFileAppender, this fix
propagates by default the log file defined permissions to rolled files,
compressed or not
# It is also now possible to define a filePermissions action within the rolling
strategy, ie have different permissions for current file and rolled files
# Moved defineFilePosixAttributeView to FileUtils class
# Add a test for fileOwner and fileGroup (that's fixed fileGroup)
# Add test for rolling files both scenarios (propagation of permissions to
rolled file + test of PosixViewAttributeAction)
Example of configurations:
{code:xml}
<RollingFile name="RollingFile2"
fileName="target/rollingpermissions1/test2.log"
filePattern="target/rollingpermissions1/test2-$${date:MM-dd-yyyy}-%i.log.gz"
filePermissions="rw-------">
<PatternLayout>
<Pattern>%m%n</Pattern>
</PatternLayout>
<SizeBasedTriggeringPolicy size="500" />
<DefaultRolloverStrategy stopCustomActionsOnError="true">
<PosixViewAttribute basePath="target/rollingpermissions1"
filePermissions="r--r--r--">
<IfFileName glob="*.gz" />
</PosixViewAttribute>
</DefaultRolloverStrategy>
</RollingFile>
{code}
mvn clean install tested on redhat, ubuntu and windows, hope it will not break
the build
> Configurable Log File Permissions with PosixFilePermission
> ----------------------------------------------------------
>
> Key: LOG4J2-1699
> URL: https://issues.apache.org/jira/browse/LOG4J2-1699
> Project: Log4j 2
> Issue Type: Question
> Components: Appenders
> Environment: Linux
> Reporter: Demetrios Dimatos
> Priority: Critical
> Labels: features
> Fix For: 2.9
>
> Attachments: LOG4J2-1699-2.patch, LOG4J2-1699.patch
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> We would like to hear the communities thoughts on being able to configure the
> permissions log files are created with. We don't want to rely on UMASK
> because we have managed services who's process should generate logs with a
> 644 yet deployed applications by users should default to a 640 because the
> logs may contain sensitive information.
> We will make the modification and set this in the properties file. Now we are
> looking to see what the community position would be on accepting such a
> patch, we don't want to be patching our own distribution indefinitely.
> I searched all the JIRAs and was not able to find any matching requirements
> recently. All I could find was something dated in 2006:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=40407
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
