[
https://issues.apache.org/jira/browse/LOG4J2-2238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary Gregory updated LOG4J2-2238:
---------------------------------
Description:
I have an application utilizing Log4j2 using a rolling file appender. Within
each appender, I set the log file permissions using the new "filePermissions"
attribute to be 644 (rw-r--r--). If I run my application as "root", then try to
run as any other user, I receive an error with the text:
ERROR RollingFileManager (/var/log/myApp/Info.log)
java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied)
java.io.FileNotFoundException: var/log.myApp/Info.log (Permission denied)
at java.io.FileOutputStream.open0 (Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
at ...appender.AbstractManager.getManager(AbstractManager.java:113)
at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)
...
My configuration file is like the following:
{code:xml}
<?xml version="1.0" encoding="utf-8"?>
<Configuration>
  <Appenders>
    <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log"
                 filePattern="/var/log/myApp/Info%d{yyyy-MM-dd}.%i.log"
                 filePermissions="rw-r--r--">
      <Policies>
        <OnStartupTriggeringPolicy />
        <TimeBasedTriggeringPolicy modulate="true" />
        <SizeBasedTriggeringPolicy size="16MB" />
      </Policies>
      <DefaultRolloverStrategy max="9999">
        <Delete basePath="/var/log/myApp">
          <IfLastModified age="365d" />
        </Delete>
      </DefaultRolloverStrategy>
    </RollingFile>
  </Appenders>
  <Loggers>
    <Root level="debug">
      <AppenderRef ref="InfoLog" level="info" />
    </Root>
  </Loggers>
</Configuration>
{code}
I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).
I have also verified that as a non-root user, I am able to move an existing log
file (e.g., "mv Info.log Info_Archive.log" works when running as non-root user,
even though running my application as that user results in the aforementioned
error). My expectation is that the file would be moved, a new file created,
then the output stream opened. However, it appears from the error that the
output stream is opened, then the log file renamed, and finally a new log file
created and opened. This issue is preventing me from assigning 777 permissions
to all log files, but I don't want to give all users full permission to my log
files.
> Insufficient Permissions Error when Rolling Log Files
> -----------------------------------------------------
>
> Key: LOG4J2-2238
> URL: https://issues.apache.org/jira/browse/LOG4J2-2238
> Project: Log4j 2
> Issue Type: Bug
> Components: Appenders
> Affects Versions: 2.9.1
> Environment: CentOS 6.6 (32-bit)
> Java 8u151 (32-bit)
> Reporter: Jeff Gullett
> Priority: Minor
> Labels: Linux, permissions, unix
> Fix For: 2.11.0
>
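Added example, not part of the original report or of Log4j: a shell probe that reproduces the split the report describes, where renaming a log file depends on the directory's mode while opening it for append depends on the file's own mode. The temp directory, the `probe_log` and `demo` names, and the use of `r--r--r--` as a stand-in for "a different user looking at root's rw-r--r-- file" are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: everything happens in a throwaway temp directory.
# Run as a non-root user; root bypasses mode bits, so append always succeeds for root.

# probe_log DIR FILE -> prints "append=<yes|no> rename=<yes|no>" for the current user
probe_log() {
    local dir="$1" file="$2" append=no rename=no
    # Open for append without writing a byte: the same kind of open that
    # fails with "Permission denied" in the stack trace.
    if ( : >>"$dir/$file" ) 2>/dev/null; then append=yes; fi
    # Rename needs write+search permission on the directory only,
    # which is why "mv Info.log Info_Archive.log" works in the report.
    if mv "$dir/$file" "$dir/$file.probe" 2>/dev/null; then
        mv "$dir/$file.probe" "$dir/$file"
        rename=yes
    fi
    printf 'append=%s rename=%s\n' "$append" "$rename"
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    chmod 777 "$d"                 # directory mode from the report (rwxrwxrwx)
    : >"$d/Info.log"

    # Case 1: the process owns the file and the mode is rw-r--r--
    # (the first run in the report, where the file's creator keeps using it).
    chmod 644 "$d/Info.log"
    probe_log "$d" Info.log

    # Case 2: stand-in for a different user facing that same file. A non-owner
    # of a rw-r--r-- file holds only r--, simulated here by dropping our own write bit.
    chmod 444 "$d/Info.log"
    probe_log "$d" Info.log

    chmod 644 "$d/Info.log"
    rm -rf "$d"
}

demo
```

As a non-root user the second line reads `append=no rename=yes`: the 777 directory permits the move, but the existing file still cannot be opened for writing.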