How to make the permission settings on ASE’s errorlog less restrictive
Prior to ASE 15.7 SP100, ASE’s errorlog had default permission settings of rw-r–r– (644).
Starting with ASE 15.7 SP100, SAP has applied a stricter security standard of rw-r—– (640).
This has caused problems with some third party tools that monitor the errorlog but have not been
set up to be part of the sybase group.
The OS UMASK setting can be used to enforce a more restrictive setting, but not a less restrictive one.
There are no configuration parameters you can change in ASE to make these permissions settings.
However, there is a workaround. Less restrictive permission settings can be accomplished by having the
RUN_SERVER file execute in background a script that does brief sleep and then a chmod on
the errorlog to the desired permissions. This script execution would be put before the call to dataserver.
The sleep is to give dataserver enough time to have started up and applied SAP’s restrictive permission settings to the
Create a script file named “reset_errorlog_perms” with the following contents (substitute actual desired permission setting and errorlog name)
chmod 644 errorlog.log
Set execute permissions on for the file (chmod 700 reset_errorlog_perms)
Modify the RUN_SERVER file so it calls reset_errorlog_perms in the background before calling dataserver.