  1. Log4j 2
  2. LOG4J2-2238

Insufficient Permissions Error when Rolling Log Files


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.1
    • 2.13.1
    • Appenders
    • CentOS 6.6 (32-bit)
      Java 8u151 (32-bit)

    Description

      I have an application utilizing Log4j2 using a rolling file appender.  Within each appender, I set the log file permissions using the new "filePermissions" attribute to be 644 (rw-r--r--). If I run my application as "root", then try to run as any other user, I receive an error with the text (Note: ... == "org.apache.log4j.core."):

      ERROR RollingFileManager (/var/log/myApp/Info.log) java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied) java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied)
              at java.io.FileOutputStream.open0(Native Method)
              at java.io.FileOutputStream.open(FileOutputStream.java:270)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
              at ...appender.AbstractManager.getManager(AbstractManager.java:113)
              at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)
              ...

      My configuration file is like the following:

      <?xml version="1.0" encoding="utf-8"?>
      <Configuration>
        <Appenders>
          <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log" filePattern="/var/log/myApp/Info%d{yyyy-MM-dd}.%i.log" filePermissions="rw-r--r--">
            <Policies>
              <OnStartupTriggeringPolicy />
              <TimeBasedTriggeringPolicy modulate="true" />
              <SizeBasedTriggeringPolicy size="16MB" />
            </Policies>
            <DefaultRolloverStrategy max="9999">
              <Delete basePath="/var/log/myApp">
                <IfLastModified age="365d" />
              </Delete>
            </DefaultRolloverStrategy>
          </RollingFile>
        </Appenders>
        <Loggers>
          <Root level="debug">
            <AppenderRef ref="InfoLog" level="info" />
          </Root>
        </Loggers>
      </Configuration>
      

      I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).  I have also verified that as a non-root user, I am able to move an existing log file (e.g., "mv Info.log Info_Archive.log" works when running as non-root user, even though running my application as that user results in the aforementioned error).  My expectation is that the file would be moved, a new file created, then the output stream opened.  However, it appears from the error that the output stream is opened, then the log file renamed, and finally a new log file created and opened.  A work-around for this issue is to create log files with 777 permissions, but I don't want to give all users full permission to my log files.

          People

            Unassigned Unassigned
            Skippums Jeff Gullett
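
The description reports that `mv` on the log file succeeds while opening it fails; the two operations are checked against different objects (the directory for a rename, the file itself for a write). The following is an added example, not part of the issue or of Log4j, that evaluates the classic POSIX mode bits for both operations. The uid/gid values are constructed, the `Owner` and `diagnose` names are hypothetical, and ACLs, SELinux and capabilities other than uid 0 are ignored.

```python
import os
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Owner:
    uid: int
    gid: int
    mode: int  # permission bits as in st_mode, e.g. 0o644

def from_path(path):
    """Build an Owner from a real file or directory (for use on a live host)."""
    st = os.stat(path)
    return Owner(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

def _allowed(obj, uid, gids, want):
    """Classic mode-bit check; `want` is a 3-bit mask (r=4, w=2, x=1)."""
    if uid == 0:
        return True  # uid 0 bypasses write and directory-search checks
    if uid == obj.uid:
        bits = (obj.mode >> 6) & 7   # owner class
    elif obj.gid in gids:
        bits = (obj.mode >> 3) & 7   # group class
    else:
        bits = obj.mode & 7          # other class
    return (bits & want) == want

def diagnose(log_file, log_dir, uid, gids):
    """Report whether `uid` may append to the log and whether it may rename it."""
    # Appending is decided by the file's own write bit.
    can_append = _allowed(log_file, uid, gids, 2)
    # Renaming is decided by write+search on the containing directory ...
    can_rename = _allowed(log_dir, uid, gids, 3)
    # ... and, in a sticky directory, by owning the file or the directory.
    if can_rename and (log_dir.mode & stat.S_ISVTX) and uid != 0:
        can_rename = uid in (log_file.uid, log_dir.uid)
    return {"open_for_append": can_append, "rename": can_rename}

if __name__ == "__main__":
    # Constructed values matching the report: the log was created by root
    # with rw-r--r--, the directory is rwxrwxrwx, the second run is uid 1000.
    root_log = Owner(uid=0, gid=0, mode=0o644)
    open_dir = Owner(uid=0, gid=0, mode=0o777)
    print(diagnose(root_log, open_dir, uid=1000, gids={1000}))
```

On a live host, `diagnose(from_path(log), from_path(os.path.dirname(log)), os.geteuid(), set(os.getgroups()))` applies the same check to the real file and directory.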