Permissions of log files created by log4j RollingFileAppender

Posted 12-12 09:45

How are the permissions for files created by RollingFileAppender determined?

I recently changed a daemon process I have to be run as a non-root user and the files are now being created with permissions of 0600 (only readable by the owner), but I would like them to be readable by all or at least members of an admin group (0644 or 0640). Files created by my tomcat apps are always 0644 (readable by all).

I don't know if I inadvertently changed something else or if it is something to do with permissions of that user. I made the parent directory 0777 as a test and it didn't seem to help (it was 0755). Obviously not a big deal since I can sudo to look at them, but rather annoying and it will be a problem if I have to have a customer copy them for me.

Environment is Ubuntu 10.04LTS using jsvc/commons-daemon to run the daemon. In case it matters, here are the basics of my log4j config:

<!DOCTYPE log4j:configuration SYSTEM 'log4j.dtd'>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">

<appender name="StdOutAppender" class="org.apache.log4j.ConsoleAppender">
    <!-- only send error / fatal messages to console (catalina.out) -->
    <param name="threshold" value="${log4j.StdOutAppender.threshold}" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>

<appender name="TimeBasedRollingFileAppender" class="org.apache.log4j.rolling.RollingFileAppender">
    <param name="append" value="true" />
    <param name="encoding" value="UTF-8" />
    <param name="threshold" value="${log4j.TimeBasedRollingFileAppender.threshold}" />
    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="${cloud.daemon.log4j.file.config.path}.%d.gz" />
    </rollingPolicy>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%5p %d{ISO8601} [%t][%x] %c - %m%n" />
        <!--%d{dd-MMM-yyyy HH:mm:ss.SSS} [%5p] %c{2}.%M [line:%L]: %m%n-->
    </layout>
</appender>
....

Comments (5)

爱的十字路口 2024-12-19 09:45:28

File permissions are determined by the user's umask - there's not a way to change it in log4j itself.

You probably want to set the user's umask to 0117

$ umask -S 0117
u=rw,g=rw,o=
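
How the umask maps to the modes discussed in the question, as an added example that is not part of the answer above: it creates a file under several umasks with the same 0666 request the JVM makes when it opens a log file, and reports the resulting mode. The helper names (`file_mode`, `mode_under_umask`, `mode_within`) and the file name `daemon.log` are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and file names are constructed.

# file_mode FILE -> octal permission bits (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# mode_under_umask MASK -> mode of a file created while MASK is in effect.
# The ">" redirection asks the kernel for 0666, as the JVM's file streams
# do; the kernel then clears every bit that is set in the umask.
mode_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/daemon.log"
        file_mode "$dir/daemon.log"
        rc=$?
        rm -rf "$dir"
        exit "$rc"
    )
}

# mode_within FILE MAX -> succeeds only if FILE grants no permission bit
# outside MAX (e.g. MAX=640 rejects group-write and any access for others).
mode_within() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# 0077 gives the 0600 seen in the question, 0027 the 0640 asked for,
# 0022 the 0644 of the Tomcat logs, 0117 the value suggested in the answer.
for mask in 0077 0027 0022 0117; do
    printf 'umask %s -> new log file mode %s\n' "$mask" "$(mode_under_umask "$mask")"
done
```
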

提笔落墨 2024-12-19 09:45:28

Log4J-core-2.9 will provide this feature: fileOwner, fileGroup and filePermissions for POSIX OS in FileAppender, RollingFileAppender and RollingRandomAccessFileManager:

<RollingFile name="RollingFile"
             fileName="mylogs.log"
             filePattern="mylogs-${date:MM-dd-yyyy}-%i.log.7z"
             fileOwner="log4j"
             fileGroup="log4grp"
             filePermissions="rw-r-----">

拥抱我好吗 2024-12-19 09:45:28

I realize this is an old question, but since it was the first hit still when I searched for this problem...

You can simply subclass RollingFileAppender and set the permission on the file when it is first opened, like this:

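import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import org.apache.log4j.RollingFileAppender;

public class WorldWritableFileAppender extends RollingFileAppender {
    @Override
    public synchronized void setFile(String fileName, boolean append,
            boolean bufferedIO, int bufferSize) throws IOException {
        // Let log4j open (and, if needed, create) the file first.
        super.setFile(fileName, append, bufferedIO, bufferSize);
        File f = new File(fileName);
        if (f.exists()) {
            // EnumSet.allOf(...) sets every POSIX bit: rwxrwxrwx (0777).
            Files.setPosixFilePermissions(f.toPath(),
                    EnumSet.allOf(PosixFilePermission.class));
        }
    }
}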

Then just reference WorldWritableFileAppender instead of RollingFileAppender in your log4j.xml.

<appender name="name" class="path.to.WorldWritableFileAppender">

This works because setFile() is called both when originally setting up the logger, and when creating a new file after rollover. The old file is moved aside with File.renameTo(), which preserves the permissions.

一百个冬季 2024-12-19 09:45:28

Inside log4j.properties, include this: log4j.appender.file.File=${user.home}/log
Anyway, this is my configuration, which shows info in the console and in the file "log".

# Root logger option
log4j.rootLogger=DEBUG, stdout, file

# Redirect log messages to console
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

# Redirect log messages to a log file, support file rolling.
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=${user.home}/test
log4j.appender.file.MaxFileSize=5MB
log4j.appender.file.MaxBackupIndex=10
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

一袭白衣梦中忆 2024-12-19 09:45:28

Add this to your pom file:

<plugin>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-maven-plugin</artifactId>
  <configuration>
    <jvmArguments>
      -DUMASK="0022"
      -Dorg.apache.catalina.security.SecurityListener.UMASK="0022"
    </jvmArguments>
  </configuration>
</plugin>