[
https://issues.apache.org/jira/browse/LOG4J2-2238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16779733#comment-16779733
]
Jeff Gullett commented on LOG4J2-2238:
--------------------------------------
Because all Log4j needs to do is roll (e.g., move) the files, which it DOES
have permission to do. Why is Log4j trying to open the log files (owned by
root) for write, then close them, then move them, then create a new file?
Instead, Log4j should immediately move the files (which it has permission to
do), without trying to open them for write first. Does this explain the
situation better, or is the issue still unclear?
> Insufficient Permissions Error when Rolling Log Files
> -----------------------------------------------------
>
> Key: LOG4J2-2238
> URL: https://issues.apache.org/jira/browse/LOG4J2-2238
> Project: Log4j 2
> Issue Type: Bug
> Components: Appenders
> Affects Versions: 2.9.1
> Environment: CentOS 6.6 (32-bit)
> Java 8u151 (32-bit)
> Reporter: Jeff Gullett
> Priority: Minor
> Labels: Linux, permissions, unix
> Fix For: 2.12.0
>
>
> I have an application utilizing Log4j2 using a rolling file appender. Within
> each appender, I set the log file permissions using the new "filePermissions"
> attribute to be 644 (rw-r--r--). If I run my application as "root", then try
> to run as any other user, I receive an error with the text (Note: ... ==
> "org.apache.log4j.core."):
> ERROR RollingFileManager (/var/log/myApp/Info.log)
> java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied)
> java.io.FileNotFoundException: var/log.myApp/Info.log (Permission denied)
> at java.io.FileOutputStream.open0 (Native Method)
> at java.io.FileOutputStream.open(FileOutputStream.java:270)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
> at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
> at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
> at ...appender.AbstractManager.getManager(AbstractManager.java:113)
> at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)
> ...
> My configuration file is like the following:
> {code:xml}
> <?xml version="1.0" encoding="utf-8"?>
> <Configuration>
>   <Appenders>
>     <!-- filePermissions: log file mode 644 (rw-r--r--) -->
>     <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log"
>                  filePattern="/var/log/myApp/Info%d{yyyy-MM-dd}.%i.log"
>                  filePermissions="rw-r--r--">
>       <Policies>
>         <OnStartupTriggeringPolicy />
>         <TimeBasedTriggeringPolicy modulate="true" />
>         <SizeBasedTriggeringPolicy size="16MB" />
>       </Policies>
>       <DefaultRolloverStrategy max="9999">
>         <!-- Remove files under basePath last modified 365 days ago or earlier -->
>         <Delete basePath="/var/log/myApp">
>           <IfLastModified age="365d" />
>         </Delete>
>       </DefaultRolloverStrategy>
>     </RollingFile>
>   </Appenders>
>   <Loggers>
>     <Root level="debug">
>       <AppenderRef ref="InfoLog" level="info" />
>     </Root>
>   </Loggers>
> </Configuration>
> {code}
> I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).
> I have also verified that as a non-root user, I am able to move an existing
> log file (e.g., "mv Info.log Info_Archive.log" works when running as non-root
> user, even though running my application as that user results in the
> aforementioned error). My expectation is that the file would be moved, a new
> file created, then the output stream opened. However, it appears from the
> error that the output stream is opened, then the log file renamed, and
> finally a new log file created and opened. A work-around for this issue is
> to create log files with 777 permissions, but I don't want to give all users
> full permission to my log files.
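The permission difference discussed in this thread, as an added example that is not part of the original report and is not Log4j's code: opening a file for append needs write permission on the file, while renaming it needs write and search permission on the containing directory only. Assumptions: a POSIX filesystem, a temporary directory standing in for /var/log/myApp, a file without write bits standing in for the root-owned log, and the hypothetical class name RollOrderDemo.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermissions;

public class RollOrderDemo {
    public static void main(String[] args) throws IOException {
        // Constructed stand-in for /var/log/myApp: a directory the current user may write to.
        Path dir = Files.createTempDirectory("myApp");
        Path active = dir.resolve("Info.log");
        Path archived = dir.resolve("Info_Archive.log");

        // Constructed stand-in for the root-owned log: no write bit for the current user.
        Files.write(active, "old entries\n".getBytes());
        Files.setPosixFilePermissions(active, PosixFilePermissions.fromString("r--r--r--"));

        // Order seen in the stack trace: open for append first (needs write permission on the file).
        try (FileOutputStream out = new FileOutputStream(active.toFile(), true)) {
            System.out.println("open-for-append: succeeded (process can override file permissions, e.g. root)");
        } catch (IOException e) {
            // FileNotFoundException with "(Permission denied)", as in the report
            System.out.println("open-for-append: " + e.getMessage());
        }

        // Order the reporter expects: rename first (needs write + search permission on the directory).
        Files.move(active, archived, StandardCopyOption.ATOMIC_MOVE);
        System.out.println("rename: succeeded");

        // Then create the new active file with the configured mode; the process umask may clear bits.
        Files.createFile(active,
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-r--r--")));
        try (FileOutputStream out = new FileOutputStream(active.toFile(), true)) {
            out.write("new entries\n".getBytes());
        }
        System.out.println("new file mode: "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(active)));

        // Clean up the constructed files.
        Files.delete(active);
        Files.delete(archived);
        Files.delete(dir);
    }
}
```

A directory with the sticky bit set would limit the rename to the owner of the file or of the directory; mode 777 as given in the report has no sticky bit.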