log4j RollingFileAppender创建的日志文件的权限 [英] Permissions on log files created by log4j RollingFileAppender

问题描述

如何确定由 RollingFileAppender 创建的文件的权限？

How are the permissions for files created by RollingFileAppender determined?

我最近更改了一个守护程序进程以非root用户身份运行，现在使用 0600 的权限创建文件（只有所有者可读），但我希望它们可以被管理组的全部或至少成员（ 0644 或 0640 ）。我的tomcat应用程序创建的文件总是 0644 （所有人都可读）。

I recently changed a daemon process I have to be run as a non-root user and the files are now being created with permissions of 0600 (only readable by the owner), but I would like them to be readable by all or at least members of an admin group (0644 or 0640). Files created by my tomcat apps are always 0644 (readable by all).

我不知道我是不是无意中改变了其他内容或者是否与该用户的权限有关。我将父目录 0777 作为测试，它似乎没有帮助（它是 0755 ）。显然没什么大不了的，因为我可以 sudo 来查看它们，但相当烦人，如果我必须让客户为我复制它，那将是一个问题。

I don't know if I inadvertently changed something else or if it is something to do with permissions of that user. I made the parent directory 0777 as a test and it didn't seem to help (it was 0755). Obviously not a big deal since I can sudo to look at them, but rather annoying and it will be a problem if I have to have a customer copy them for me.

环境是Ubuntu 10.04LTS，使用 jsvc / commons-daemon 来运行守护进程。如果重要的是我的 log4j 配置的基础知识：

Environment is Ubuntu 10.04LTS using jsvc/commons-daemon to run the daemon. In case it matters here is the basics on my log4j config:

<!DOCTYPE log4j:configuration SYSTEM 'log4j.dtd'>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">

<appender name="StdOutAppender" class="org.apache.log4j.ConsoleAppender">
    <!-- only send error / fatal messages to console (catalina.out) -->
    <param name="threshold" value="${log4j.StdOutAppender.threshold}" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>

<appender name="TimeBasedRollingFileAppender" class="org.apache.log4j.rolling.RollingFileAppender">
    <param name="append" value="true" />
    <param name="encoding" value="UTF-8" />
    <param name="threshold" value="${log4j.TimeBasedRollingFileAppender.threshold}" />
    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="${cloud.daemon.log4j.file.config.path}.%d.gz" />
    </rollingPolicy>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>
....

推荐答案

文件权限是由用户的umask决定 - 在log4j本身没有办法改变它。

File permissions are determined by the user's umask - there's not a way to change it in log4j itself.

你可能想把用户的umask设置为 0117

You probably want to set the user's umask to 0117

$ umask -S 0117
u=rw,g=rw,o=

这篇关于log4j RollingFileAppender创建的日志文件的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！