#32 Support for setting wrapper log file permissions

[Arushi Rai]

Wrapper log files are being generated with world-writable permissions, that is creating a security issue for our product.
I was looking at the supported configuration https://yajsw.sourceforge.io/YAJSW%20Configuration%20Parameters.html and came across wrapper.logfile.umask which is not yet implemented.
Can this be supported?
Is there any other way or property to accomplish this?

conf file snippet for wrapper log configuration:

#********************************************************************
# Wrapper Logging Properties
#********************************************************************


# Log Level for console output.  (See docs for log levels)
wrapper.console.loglevel=DEBUG

# Log file to use for wrapper output logging.
wrapper.logfile=${wrapper_home}/log/wrapper.log


# Maximum size that the log file will be allowed to grow to before
#  the log is rolled. Size is specified in bytes.  The default value
#  of 0, disables log rolling by size.  May abbreviate with the 'k' (kB) or
#  'm' (mB) suffix.  For example: 10m = 10 megabytes.
# If wrapper.logfile does not contain the string ROLLNUM it will be automatically added as suffix of the file name
wrapper.logfile.maxsize=10m

# Maximum number of rolled log files which will be allowed before old
#  files are deleted.  The default value of 0 implies no limit.
wrapper.logfile.maxfiles=10

Version: 12.15

[rzo]

logfile umask is supported. but it seems that the documentation has not been updated.
give it a try and let me know if there are any issues.

-- Ron

[Arushi Rai]

Sure @rzo let me give it a try and I will get back to you.

[Arushi Rai]

Hi @rzo,
Sorry for late follow up on this.

I tried the setting but it does not seem to be working and also I noticed the log directory is created with root user even though I have set the app account -

wrapper.app.account=users\test

log configuration:

#********************************************************************
# Wrapper Logging Properties
#********************************************************************

# Pipe the STD out to wrapper.log
wrapper.console.pipestreams=true

# Format of output for the log file.  (See docs for formats)
wrapper.logfile.format=LPTM

# Log Level for log file output.  (See docs for log levels)
wrapper.logfile.loglevel=DEBUG

# Log Level for console output.  (See docs for log levels)
wrapper.console.loglevel=DEBUG

wrapper.logfile.umask=022

# Log file to use for wrapper output logging.
wrapper.logfile=${wrapper_home}/log/wrapper.log

[Arushi Rai]

Hi @rzo,
Anything you suggest on this?

Thank you.

[john]

this seems to be a bug. thanks for reporting.
you can change in org.rzo.yajsw.log.MyFileHandler:

    public MyFileHandler(String pattern, int limit, int count, boolean append,
            PatternFormatter fileFormatter, Level logLevel, String encoding,
            boolean desc, int umask, boolean compress) throws IOException
    {
        _compress = compress;
        if (pattern.isEmpty())
        {
            throw new IllegalArgumentException("Pattern cannot be empty");
        }
        if (limit < 0 || count < 1)
        {
            throw new IllegalArgumentException("limit < 0 || count < 1");
        }
        this.desc = desc;
        this.umask = umask;
        if (encoding != null)
            setEncoding(encoding);
        setFormatter(fileFormatter);
        setLevel(logLevel);
        init(pattern, Boolean.valueOf(append), Integer.valueOf(limit),
                Integer.valueOf(count));
    }

and build wrapper.jar
(in yajsw/build/gradle exec build.bat)

the issue will be resolved in the next release 13.01

[Arushi Rai]

Thank you @john for looking into this.
I would like to avoid maintaining my own version of the library.
if possible, can you share time frame for 13.01 release?

[Arushi Rai]

Hi @rzo,
I see the 13.01 beta is released but any ETA on GA release?

[rzo]

Hello,
release 13.01 contains a beta release of groovy.
once a stable groovy 4 release is available and no known security issues are found a stable release of yajsw will be available.

-- Ron

[Arushi Rai]

Thank you @rzo

[Arushi Rai]

I used the latest 13.03, wrapper.logfile.umask is working as expected.
Thank you @rzo