Date: Thu, 21 Sep 2006 11:28:59 +0100 From: Alex Zbyslaw <xfb52@dial.pipex.com> To: Aitor San Juan <asanjuan@bolsabilbao.es> Cc: freebsd-questions@freebsd.org Subject: Re: Default file creation permissions Message-ID: <4512696B.3080106@dial.pipex.com> In-Reply-To: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local> References: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Aitor San Juan wrote: >I have a shell script whose execution is scheduled by CRON. The >command scheduled is of the form: > >50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > >/apps/batch/logs/bd_backup.log 2>&1 > >This shell script runs under the id of root. The file permissions of >the log file created are 644 (owner: root, group: wheel). I'd like that >the file permissions of the log created be 600 (or 640 maximum). How >could I accomplish this? This is probably related to "umask", but I >don't dare changing anything in case that change could affect some >other security configuration as a side effect. > >What would you recommend? > > One solution: write a simple wrapper shell script for this which: a) creates the backup.log file, deleting any existing (> backup.log would probably do) b) changes the permissions to the ones you want with chmod, chgrps etc. etc. c) runs /apps/batch/cronjobs/bd_backup.sh >> /apps/batch/logs/bd_backup.log 2>&1 I.e. appends output to the file you just blanked. Two solution: Always use >> in your cron job, then set up the backup.log to be rotated through newsyslog which can set the permissions correctly. You probably need to create a balnk file with the correct permission once to seed the the process or use newsyslog -C. See the man page for more info. Solution one is easier, solution two also gets you a more permanent record of how the command ran, rather than losing it every day. --Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4512696B.3080106>