Prior to ASE 15.7 SP100, ASE’s errorlog had default permission settings of  rw-r–r– (644).
Starting with ASE 15.7 SP100, SAP has applied a stricter security standard of rw-r—– (640).

This has caused problems with some third party tools that monitor the errorlog but have not been

set up to be part of the sybase group.

The OS UMASK setting can be used to enforce a more restrictive setting, but not a less restrictive one.

There are no configuration parameters you can change in ASE to make these permissions settings.

However, there is a workaround.  Less restrictive permission settings can be accomplished by having the
RUN_SERVER file execute in background a script that does  brief sleep and then a chmod on
the errorlog to the desired permissions.  This script execution would be put before the call to dataserver.
The sleep is to give dataserver enough time to have started up and applied SAP’s restrictive permission settings to the
errorlog.

Create a script file named “reset_errorlog_perms” with the following contents (substitute actual  desired permission setting and errorlog name)

—————-
sleep 5
chmod 644 errorlog.log
—————–

Set execute permissions on for the file (chmod 700 reset_errorlog_perms)

Modify the RUN_SERVER file so it calls reset_errorlog_perms in the background before calling dataserver.

2-25-2015 12-50-52 PM.jpg

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Mike Willett

    Of course this can be done without an extra file with

    ( sleep 5 ; chmod 644 errorlog.log ) &

    in place of the call to “reset_errorlog_perms

    (And for the pedantic you can add a “wait” after the call to dataserver).

    (0) 
  2. Cristian Lopez

    Is a good way, but if SAP ASE applied this stricter security standard, I think that is better solicit to owners of this tools that modify this.

    (0) 

Leave a Reply