How to set permissions on Jira log files to allow read access for external log monitoring tools
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
By default, JIRA log files permissions do not allow any other users but installation owner the read access. This prevents connecting external log monitoring tools to log files.
Solution
The permissions on log files are governed by Tomcat configuration. By default, Tomcat is using umask as 0027 as default file permissions, which will not allow "others" group the read access to log files. This can be overridden in Tomcat by modifying setenv.sh file and adding the following on the next line after JVM_SUPPORT_RECOMMENDED_ARGS=""
JVM_SUPPORT_RECOMMENDED_ARGS="" export UMASK=0022
This will tell Tomcat to use a different umask when starting up:
-rw-r--r--
In certain cases, depending on your OS version, the export command might not be enough and you might need use the following command instead in setenv.sh:
umask 0022
All new files created should have read access for "others" group in permissions. For existing files, you need to update the permissions explicitly or delete them to allow the systems to recreate them with new permissions.