How to set permissions on Jira log files to allow read access for external log monitoring tools

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.





Purpose

By default, JIRA log files permissions do not allow any other users but installation owner the read access. This prevents connecting external log monitoring tools to log files. 

Solution

The permissions on log files are governed by Tomcat configuration. By default, Tomcat is using umask as 0027 as default file permissions, which will not allow "others" group the read access to log files. This can be overridden in Tomcat by modifying setenv.sh file and adding the following on the next line after JVM_SUPPORT_RECOMMENDED_ARGS=""

JVM_SUPPORT_RECOMMENDED_ARGS=""
export UMASK=0022

This will tell Tomcat to use a different umask when starting up:

-rw-rw-r--

In certain cases, depending on your OS version, the export command might not be enough and you might need use the following command instead in setenv.sh:

umask 0022

All new files created should have read access for "others" group in permissions. For existing files, you need to update the permissions explicitly or delete them to allow the systems to recreate them with new permissions.





Last modified on Jul 1, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.