Tom Brown wrote:
What are the applications? What is the directory structure? Is the permission problem on a directory or a file? What user account owns the application process? Is the app un-doing your manual permission changes on existing files and directories, or just not granting read permission to new objects?
in house apps running out of /opt/<appname> and logging into /opt/<appname>/logs and are running as user <appname>
need to have world read on /opt/<appname>/logs
when permissions are 'manually' set when the app is redeployed it seems that the world read is removed (i am investigating why this is)
If it is the permissions on the directory that are the problem, then you may be able to change the owner of the logs directory and then give the application rw permissions. That way the application will be able to write its logs, but would not be able to change permissions on the directory.
If it is the permissions on the directory that are the problem, then you may be able to change the owner of the logs directory and then give the application rw permissions. That way the application will be able to write its logs, but would not be able to change permissions on the directory.
i will investigate all options given, thanks all
the issue is that this is a somewhat automated process in that a machine is installed, applications deployed and brought into service as an automated process so i cant check all the time to make sure permissions are OK, ie world readable on logs.
i think to solve this i need to delve into the deploy to see why the permissions are being reset -
-
Bowie Bailey -
Tom Brown