[ https://issues.apache.org/jira/browse/LOG4J2-2238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16779751#comment-16779751 ]
Ralph Goers commented on LOG4J2-2238:
-------------------------------------
You didn't really answer my question. The files are owned by root. Why would
you think a non-root user should have permission to do anything to them? I
could just as easily create a bug report against the mv command that it
shouldn't allow files owned by another user to be moved without explicit
permission. It basically feels like you want log4j to handle what was clearly a
mistake.

I should point out that if you didn't have the OnStartupTriggeringPolicy it is
quite possible that log4j would continue trying to write to that file, which of
course would fail. While the OnStartupTriggeringPolicy triggers a rollover at
startup, the RollingAppenders don't assume any particular policy is in place. I
suspect if you added createOnDemand="true" to your appender definition you
would not encounter the problem.

> Insufficient Permissions Error when Rolling Log Files
> -----------------------------------------------------
>
> Key: LOG4J2-2238
> URL: https://issues.apache.org/jira/browse/LOG4J2-2238
> Project: Log4j 2
> Issue Type: Bug
> Components: Appenders
> Affects Versions: 2.9.1
> Environment: CentOS 6.6 (32-bit)
> Java 8u151 (32-bit)
> Reporter: Jeff Gullett
> Priority: Minor
> Labels: Linux, permissions, unix
> Fix For: 2.12.0
>
>
> I have an application utilizing Log4j2 using a rolling file appender. Within
> each appender, I set the log file permissions using the new "filePermissions"
> attribute to be 644 (rw-r--r--). If I run my application as "root", then try
> to run as any other user, I receive an error with the text (Note: ... ==
> "org.apache.log4j.core."):
> ERROR RollingFileManager (/var/log/myApp/Info.log)
> java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied)
> java.io.FileNotFoundException: var/log.myApp/Info.log (Permission denied)
> at java.io.FileOutputStream.open0 (Native Method)
> at java.io.FileOutputStream.open(FileOutputStream.java:270)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
> at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
> at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
> at ...appender.AbstractManager.getManager(AbstractManager.java:113)
> at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)
> ...
> My configuration file is like the following:
> {code:xml}
> <?xml version="1.0" encoding="utf-8"?>
> <Configuration>
>   <Appenders>
>     <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log"
>                  filePattern="/var/log/myApp/Info%d{yyyy-MM-dd}.%i.log"
>                  filePermissions="rw-r--r--">
>       <Policies>
>         <OnStartupTriggeringPolicy />
>         <TimeBasedTriggeringPolicy modulate="true" />
>         <SizeBasedTriggeringPolicy size="16MB" />
>       </Policies>
>       <DefaultRolloverStrategy max="9999">
>         <Delete basePath="/var/log/myApp">
>           <IfLastModified age="365d" />
>         </Delete>
>       </DefaultRolloverStrategy>
>     </RollingFile>
>   </Appenders>
>   <Loggers>
>     <Root level="debug">
>       <AppenderRef ref="InfoLog" level="info" />
>     </Root>
>   </Loggers>
> </Configuration>
> {code}
> I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).
> I have also verified that as a non-root user, I am able to move an existing
> log file (e.g., "mv Info.log Info_Archive.log" works when running as non-root
> user, even though running my application as that user results in the
> aforementioned error). My expectation is that the file would be moved, a new
> file created, then the output stream opened. However, it appears from the
> error that the output stream is opened, then the log file renamed, and
> finally a new log file created and opened. A work-around for this issue is
> to create log files with 777 permissions, but I don't want to give all users
> full permission to my log files.
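
Added example, not part of the original message or of Log4j's code: a Python model of the classic Unix permission checks behind this report. It shows why "mv" succeeds in the 777 directory while opening the root-owned 644 file for writing fails, and it flags the world-writable directory itself. It ignores ACLs, capabilities and LSM policy; the Node type, the function names and the uid 1000 account are assumptions made for illustration.

```python
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result: only the fields the classic checks read.
Node = namedtuple("Node", "mode uid gid")

def _allowed(node, uid, gids, want):
    """POSIX rwx check: exactly one class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root bypasses the rwx bits
    if uid == node.uid:
        bits = (node.mode >> 6) & 7
    elif node.gid in gids:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return (bits & want) == want

def can_open_for_write(file, uid, gids):
    """Opening an existing file for write/append is decided by the file's mode."""
    return _allowed(file, uid, gids, 2)

def can_rename(directory, file, uid, gids):
    """rename() needs write+search on the directory, not write on the file.
    With the sticky bit set, only root, the file owner or the directory
    owner may rename or delete an entry."""
    if not _allowed(directory, uid, gids, 3):
        return False
    sticky = bool(directory.mode & stat.S_ISVTX)
    return not sticky or uid in (0, file.uid, directory.uid)

def audit(directory, file, uid, gids):
    """Return findings for one log file as seen by one account."""
    findings = []
    if can_rename(directory, file, uid, gids) and not can_open_for_write(file, uid, gids):
        findings.append("can rename the log but cannot open it for writing")
    if directory.mode & stat.S_IWOTH and not directory.mode & stat.S_ISVTX:
        findings.append("world-writable directory without sticky bit")
    return findings

# Constructed values matching the report: directory 777, Info.log 644 owned by root.
LOG_DIR = Node(0o040777, 0, 0)
INFO_LOG = Node(0o100644, 0, 0)
APP_UID, APP_GIDS = 1000, {1000}  # hypothetical non-root account

if __name__ == "__main__":
    for finding in audit(LOG_DIR, INFO_LOG, APP_UID, APP_GIDS):
        print(finding)
```

With the sticky bit set on the directory (mode 1777), can_rename returns False for the non-root account and neither finding is reported.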