Apache Tomcat logging default permissions

Question

I'm wondering if there's any way to set default file permissions of the logs created using Tomcat's logging.properties files? My logging.properties file looks like this:

handlers = java.util.Logging.FileHandler

java.util.logging.FileHandler.level = INFO
java.util.logging.FileHandler.pattern = /var/lib/<TOMCAT INSTANCE>/logs/system.log
java.util.logging.FileHandler.limit = 2097152
java.util.logging.FileHandler.count = 50
java.util.logging.FileHandler.formatter = java.util.Logging.SimpleFormatter

I want all logs that are created to have file permissions of 640, however after reading some documentation about FileHandler and other alternatives, I'm not sure this is possible.

Any help/direction would be greatly appreciated!

Thanks for your time.

Answer 1

I spent a long time searching for this today, so I'm posting my solution to this old ticket. I am working from a Linux install, which I believe is what the original poster was also using.

In Tomcat 8.5, this is controlled with the environment variable UMASK. If this variable is not set when Tomcat is started, then Tomcat will set the umask to 0027, so that files have the permissions (rw-r-----). You can see this logic for this in Tomcat's bin/catalina.sh file.

This solution is different from pksiazek's solution because it does not involve editing any of Tomcat's scripts, in case that is a concern. It is the same as pksiazek's solution in that it will affect all files created by Tomcat, not just log files.

For anyone not as familiar with how umask values map to file permissions, you may find a Umask calculator helpful. Here's one: http://www.webune.com/forums/umask-calculator.html