Log file permissions on Linux

766
11
Jump to solution
11-29-2013 09:22 AM
JoanneMcGraw
Occasional Contributor III
Does anyone know if ArcGIS Server and the Web Adaptor are giving only their owners read access to the log files they create by default?

Is seems the system settings for new files and directories created by that user are being ignored. More importantly, if that is the case, does anyone know where/what we can configure to provide its group with read access as well?

Cheers,
jtm
0 Kudos
1 Solution

Accepted Solutions
JoanneMcGraw
Occasional Contributor III
I contacted ESRI Support about this question and detailed some additional info to them:

In our environment, our ArcGIS Server user has a umask command in its profile that sets its create permissions to 640 (the '4' indicates members of the same group should get read and execute permissions - the execute permissions are necessary in case it's a directory so the group member can "cd" into it). Since the ArcGIS Server is started with the ArcGIS Server user's account, we expected it to use those settings. Instead, new log files continue to be created with 600 permissions.

So, is ArcGIS Server code overriding the umask settings somehow?


And, their response:

Yes, ArcGIS Server will create a file with access for ArcGIS Server account only. It is recommended not to access the log files from outside of ArcGIS Server Manager.


Since ArcGIS Server Manager doesn't provide search capabilities on the logs or the ability to load the entire contents of, say, a VERBOSE-level log in one screen (and because we can't think of any rational reason why granting group members read permissions on those files should be problematic), we're just going to ignore that limitation and continue overwriting ArcGIS Server's permissions for the account after the files are created; pain that that is.

I'll let you know if doing so results in any problems.

Cheers,
jtm

View solution in original post

0 Kudos
11 Replies
BubbaHey
Occasional Contributor III
What is the path for the log files? I thought they were under <serverinstall>/usr/logs - but no logs under /usr
0 Kudos
JoanneMcGraw
Occasional Contributor III
Our log files are under <serverinstall>/usr/logs, as you suggest. Actually, they are under <serverinstall>/usr/logs/<hostname>, I assume because we have a cluster of two ArcGIS Servers set up. It's the same on both servers; although the hostname is different, of course.

If you do not have a logs directory under usr, that suggests they are configurable in some way; at least in terms of their location. Hopefully, in terms of their permissions also.

Cheers,
jtm
0 Kudos
BubbaHey
Occasional Contributor III
Thanks, I'm still looking. Mine was an upgrade from 10.1 - don't know if that is a factor.
0 Kudos
ThomasMontefusco
Occasional Contributor II
Bubbahey, look in /arcgis/server/usr/logs, it sounds like you were looking in  the ArcGISServer folder (I could be wrong)..




On a default install of ArcGIS Server, my permissions for the logs folder are drwx
0 Kudos
ThomasMontefusco
Occasional Contributor II
Sorry cut off -
drwxr-xr-x
0 Kudos
BubbaHey
Occasional Contributor III
Ah.... you are correct. Duh. 🙂

My permissions are the same.
0 Kudos
JoanneMcGraw
Occasional Contributor III
Sorry cut off -
drwxr-xr-x


Tom/Bubba,
Thank you for your responses.

Are your log file permissions similar? I can get into the directory but, for example, the files under server are only read/write for the ArcGIS user. I can't view their contents as a member of the ArcGIS user group.

Cheers,
jtm
0 Kudos
BubbaHey
Occasional Contributor III
As mentioned, mine is an upgrade from 10.1 to 10.2 for my arcgis user I have read/write/execute permissions. But this is an upgrade, I don't know if those are default permissions.
0 Kudos
JoanneMcGraw
Occasional Contributor III
I contacted ESRI Support about this question and detailed some additional info to them:

In our environment, our ArcGIS Server user has a umask command in its profile that sets its create permissions to 640 (the '4' indicates members of the same group should get read and execute permissions - the execute permissions are necessary in case it's a directory so the group member can "cd" into it). Since the ArcGIS Server is started with the ArcGIS Server user's account, we expected it to use those settings. Instead, new log files continue to be created with 600 permissions.

So, is ArcGIS Server code overriding the umask settings somehow?


And, their response:

Yes, ArcGIS Server will create a file with access for ArcGIS Server account only. It is recommended not to access the log files from outside of ArcGIS Server Manager.


Since ArcGIS Server Manager doesn't provide search capabilities on the logs or the ability to load the entire contents of, say, a VERBOSE-level log in one screen (and because we can't think of any rational reason why granting group members read permissions on those files should be problematic), we're just going to ignore that limitation and continue overwriting ArcGIS Server's permissions for the account after the files are created; pain that that is.

I'll let you know if doing so results in any problems.

Cheers,
jtm
0 Kudos