Date: Thu, 21 Sep 2006 11:28:59 +0100 From: Alex Zbyslaw <xfb52@dial.pipex.com> To: Aitor San Juan <asanjuan@bolsabilbao.es> Cc: freebsd-questions@freebsd.org Subject: Re: Default file creation permissions Message-ID: <4512696B.3080106@dial.pipex.com> In-Reply-To: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local> References: <8944F1E6DB931D4681FF94706234BF71E9E3@BB06.bolsabilbao.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Aitor San Juan wrote:
>I have a shell script whose execution is scheduled by CRON. The
>command scheduled is of the form:
>
>50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh >
>/apps/batch/logs/bd_backup.log 2>&1
>
>This shell script runs under the id of root. The file permissions of
>the log file created are 644 (owner: root, group: wheel). I'd like that
>the file permissions of the log created be 600 (or 640 maximum). How
>could I accomplish this? This is probably related to "umask", but I
>don't dare changing anything in case that change could affect some
>other security configuration as a side effect.
>
>What would you recommend?
>
>
One solution: write a simple wrapper shell script for this which:
a) creates the backup.log file, deleting any existing (> backup.log
would probably do)
b) changes the permissions to the ones you want with chmod, chgrps
etc. etc.
c) runs /apps/batch/cronjobs/bd_backup.sh >>
/apps/batch/logs/bd_backup.log 2>&1
I.e. appends output to the file you just blanked.
Two solution: Always use >> in your cron job, then set up the
backup.log to be rotated through newsyslog which can set the permissions
correctly. You probably need to create a balnk file with the correct
permission once to seed the the process or use newsyslog -C. See the
man page for more info.
Solution one is easier, solution two also gets you a more permanent
record of how the command ran, rather than losing it every day.
--Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4512696B.3080106>