Change the permissions logfiles are created by Bitbucket
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
You might be using a tool that needs read access to the log file atlassian-bitbucket.log
.
For instance, it could be the case that the log file is currently being created with the following permission:
-rw-r----- 1 atlbitbucket atlbitbucket 7549127 Feb 19 14:52 atlassian-bitbucket.log
And it's needed for it to be created like:
-rw-r--r-- 1 atlbitbucket atlbitbucket 7549127 Feb 19 14:52 atlassian-bitbucket.log
Solution
The permissions of the files being created by the atlbitbucket
user are defined by the umask
this user has in your system. In the example above, you want to change from 0020 to 0022.
One option is to possibly overwrite the current umask by changing the following parameter in the _start-webapp.sh
file:
#
# Uncommenting the following will set the umask for the Atlassian Bitbucket application. If can be used to override
# the default settings of the Bitbucket user is they are not sufficiently secure.
#
# umask 0027
However, that will change the permission for all the files this user creates.
Another alternative is to work with ACL for the <STASH_HOME>/log
directory:
For example:
$ sudo setfacl -m d:o:r /var/atlassian/application-data/bitbucket/log
See explanation on:
A similar solution could be applied for different flavors of Linux.