Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2238

Insufficient Permissions Error when Rolling Log Files

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.9.1
    • Fix Version/s: 2.13.1
    • Component/s: Appenders
    • Environment:

      CentOS 6.6 (32-bit)
      Java 8u151 (32-bit)

      Description

      I have an application utilizing Log4j2 using a rolling file appender.  Within each appender, I set the log file permissions using the new "filePermissions" attribute to be 644 (rw-r-r-). If I run my application as "root", then try to run as any other user, I receive an error with the text (Note: ... == "org.apache.log4j.core."):

      ERROR RollingFileManager (/var/log/myApp/Info.log) java.io.FileNotFoundException: /var/log/myApp/Info.log (Permission denied) java.io.FileNotFoundException: var/log.myApp/Info.log (Permission denied)
              at java.io.FileOutputStream.open0 (Native Method)
              at java.io.FileOutputStream.open(FileOutputStream.java:270)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
              at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:640)
              at ...appender.rolling.RollingFileManager$RollingFileManagerFactory.createManager(RollingFileManager.java:608)
              at ...appender.AbstractManager.getManager(AbstractManager.java:113)
              at ...appender.OutputStreamManager.getManager(OutputStreamManager.java:188)
              ...

      My configuration file is like the following:

      <?xml version="1.0" encoding="utf-8"?>
      <Configuration>
        <Appenders>
          <RollingFile name="InfoLog" fileName="/var/log/myApp/Info.log" filePattern="/var/log/myApp/Info%d\{yyyy-MM-dd}.%i.log" filePermissions="rw-r--r--">
            <Policies>
              <OnStartupTriggeringPolicy />
              <TimeBasedTriggeringPolicy modulate="true" />
              <SizeBasedTriggeringPolicy size="16MB" />
            </Policies>
            <DefaultRolloverStrategy max="9999">
              <Delete basePath="/var/log/myApp">
                <IfLastModified age="365d" />
              </Delete>
            </DefaultRolloverStrategy>
          </RollingFile>
        </Appenders>
        <Loggers>
          <Rool level="debug">
            <AppenderRef ref="InfoLog" level="info" />
          </Root>
        </Loggers>
      </Configuration>
      

      I have verified that the permissions on "/var/log/myApp" are 777 (rwxrwxrwx).  I have also verified that as a non-root user, I am able to move an existing log file (e.g., "mv Info.log Info_Archive.log" works when running as non-root user, even though running my application as that user results in the aforementioned error).  My expectation is that the file would be moved, a new file created, then the output stream opened.  However, it appears from the error that the output stream is opened, then the log file renamed, and finally a new log file created and opened.  A work-around for this issue is to create log files with 777 permissions, but I don't want to give all users full permission to my log files.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Skippums Jeff Gullett
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: