How to set permissions on Jira log files to allow read access for external log monitoring tools
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
目的
By default, JIRA log files permissions do not allow any other users but installation owner the read access. This prevents connecting external log monitoring tools to log files.
ソリューション
The permissions on log files are governed by Tomcat configuration. By default, Tomcat is using umask as 0027 as default file permissions, which will not allow "others" group the read access to log files. This can be overridden in Tomcat by modifying setenv.sh file and adding the following on the next line after JVM_SUPPORT_RECOMMENDED_ARGS=""
JVM_SUPPORT_RECOMMENDED_ARGS="" export UMASK=0022
This will tell Tomcat to use a different umask when starting up:
-rw-r--r--
In certain cases, depending on your OS version, the export command might not be enough and you might need use the following command instead in setenv.sh:
umask 0022
All new files created should have read access for "others" group in permissions. For existing files, you need to update the permissions explicitly or delete them to allow the systems to recreate them with new permissions.