From owner-freebsd-questions@FreeBSD.ORG Thu Sep 21 10:48:59 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A812216A403 for ; Thu, 21 Sep 2006 10:48:59 +0000 (UTC) (envelope-from xfb52@dial.pipex.com) Received: from smtp-out4.blueyonder.co.uk (smtp-out4.blueyonder.co.uk [195.188.213.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B4E643D45 for ; Thu, 21 Sep 2006 10:48:59 +0000 (GMT) (envelope-from xfb52@dial.pipex.com) Received: from [172.23.170.142] (helo=anti-virus02-09) by smtp-out4.blueyonder.co.uk with smtp (Exim 4.52) id 1GQM6z-0005Gl-Vn; Thu, 21 Sep 2006 11:48:58 +0100 Received: from [82.41.35.166] (helo=[192.168.0.2]) by asmtp-out2.blueyonder.co.uk with esmtp (Exim 4.52) id 1GQLng-0008O9-4w; Thu, 21 Sep 2006 11:29:00 +0100 Message-ID: <4512696B.3080106@dial.pipex.com> Date: Thu, 21 Sep 2006 11:28:59 +0100 From: Alex Zbyslaw User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.13) Gecko/20060515 X-Accept-Language: en MIME-Version: 1.0 To: Aitor San Juan References: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local> In-Reply-To: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Default file creation permissions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2006 10:48:59 -0000 Aitor San Juan wrote: >I have a shell script whose execution is scheduled by CRON. The >command scheduled is of the form: > >50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > >/apps/batch/logs/bd_backup.log 2>&1 > >This shell script runs under the id of root. The file permissions of >the log file created are 644 (owner: root, group: wheel). I'd like that >the file permissions of the log created be 600 (or 640 maximum). How >could I accomplish this? This is probably related to "umask", but I >don't dare changing anything in case that change could affect some >other security configuration as a side effect. > >What would you recommend? > > One solution: write a simple wrapper shell script for this which: a) creates the backup.log file, deleting any existing (> backup.log would probably do) b) changes the permissions to the ones you want with chmod, chgrps etc. etc. c) runs /apps/batch/cronjobs/bd_backup.sh >> /apps/batch/logs/bd_backup.log 2>&1 I.e. appends output to the file you just blanked. Two solution: Always use >> in your cron job, then set up the backup.log to be rotated through newsyslog which can set the permissions correctly. You probably need to create a balnk file with the correct permission once to seed the the process or use newsyslog -C. See the man page for more info. Solution one is easier, solution two also gets you a more permanent record of how the command ran, rather than losing it every day. --Alex