Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2238

Insufficient Permissions Error when Rolling Log Files



    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.1
    • 2.13.1
    • Appenders
    • CentOS 6.6 (32-bit)
      Java 8u151 (32-bit)


      I have an application utilizing Log4j2 using a rolling file appender.  Within each appender, I set the log file permissions using the new "filePermissions" attribute to be 644 (rw-r-r-). If I run my application as "root", then try to run as any other user, I receive an error with the text (Note: ... == "org.apache.log4j.core."):

      ERROR RollingFileManager (/var/log/myApp/Info.log) java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied) java.io.FileNotFoundException: var/log.myApp/Info.log (Permission denied)
              at java.io.FileOutputStream.open0 (Native Method)
              at java.io.FileOutputStream.open(FileOutputStream.java:270)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
              at ...appender.AbstractManager.getManager(AbstractManager.java:113)
              at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)

      My configuration file is like the following:

      <?xml version="1.0" encoding="utf-8"?>
          <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log" filePattern="/var/log/myApp/Info%d\{yyyy-MM-dd}.%i.log" filePermissions="rw-r--r--">
              <OnStartupTriggeringPolicy />
              <TimeBasedTriggeringPolicy modulate="true" />
              <SizeBasedTriggeringPolicy size="16MB" />
            <DefaultRolloverStrategy max="9999">
              <Delete basePath="/var/log/myApp">
                <IfLastModified age="365d" />
          <Rool level="debug">
            <AppenderRef ref="InfoLog" level="info" />

      I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).  I have also verified that as a non-root user, I am able to move an existing log file (e.g., "mv Info.log Info_Archive.log" works when running as non-root user, even though running my application as that user results in the aforementioned error).  My expectation is that the file would be moved, a new file created, then the output stream opened.  However, it appears from the error that the output stream is opened, then the log file renamed, and finally a new log file created and opened.  A work-around for this issue is to create log files with 777 permissions, but I don't want to give all users full permission to my log files.


        Issue Links



              Unassigned Unassigned
              Skippums Jeff Gullett
              0 Vote for this issue
              2 Start watching this issue