Default file creation permissions
Hi List, I have a shell script whose execution is scheduled by CRON. The command scheduled is of the form: 50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > /apps/batch/logs/bd_backup.log 2>&1 This shell script runs under the id of root. The file permissions of the log file created are 644 (owner: root, group: wheel). I'd like that the file permissions of the log created be 600 (or 640 maximum). How could I accomplish this? This is probably related to "umask", but I don't dare changing anything in case that change could affect some other security configuration as a side effect. What would you recommend? Any hint or suggestion would be highly appreciated. Thanks in advance. Aitor. LEGEZKO OHARRA / AVISO LEGAL / LEGAL ADVICE * Mezu honek isilpeko informazioa gorde dezake, edo jabea duena, edota legez babestuta dagoena. Zuri zuzendua ez bada, bidali duenari esan eta ezabatu, inori berbidali edo gorde gabe, legeak debekatzen duelako mezuak erabiltzea baimenik gabe. -- Este mensaje puede contener información confidencial, en propiedad o legalmente protegida. Si usted no es el destinatario, le rogamos lo comunique al remitente y proceda a borrarlo, sin reenviarlo ni conservarlo, ya que su uso no autorizado está prohibido legalmente. -- This message may contain confidential, proprietary or legally privileged information. If you are not the intended recipient of this message, please notify it to the sender and delete without resending or backing it, as it is legally prohibited. ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Default file creation permissions
Aitor San Juan wrote: > I have a shell script whose execution is scheduled by CRON. The > command scheduled is of the form: > > 50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > > /apps/batch/logs/bd_backup.log 2>&1 > > This shell script runs under the id of root. The file permissions of > the log file created are 644 (owner: root, group: wheel). I'd like that > the file permissions of the log created be 600 (or 640 maximum). How > could I accomplish this? This is probably related to "umask", but I > don't dare changing anything in case that change could affect some > other security configuration as a side effect. > > What would you recommend? I have a few shell scripts that are run from CRON also. To accomplish what you want, I have 'chmod' and 'chown' commands in the scripts. Perhaps you might be able to incorporate something like that into yours. -- Gerard "Health experts in Europe now say one carrot a day can keep you free of colon cancer. You know, I just hope they mean you eat it." ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Default file creation permissions
Thanks for your reply, Gerard. As you can see, the log file is not created from within the shell script. It's created as the redirection of the output, so your suggestion implies modifying the shell script source code. That script calls some other scripts too and imports other scripts which define some predefined common functions with common behaviour among all the shell scripts developed. This means that is this case the backup script is called by CRON but there's also the possibility of invoking it manually (for example in the need of a backup out of the normal scheduled time). When invoked manually, the results are shown in the screen to the user... You know, the script is not isolated, it's part of a bigger infrastructure behinf the scene, hidden to some users which may invoke batch script from within menus (with no command line access). I'd like to find another solution, having to modify the shell script in the last resort. Thanks in advance. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Gerard Seibert Enviado el: jueves, 21 de septiembre de 2006 11:39 Para: freebsd-questions@freebsd.org Asunto: Re: Default file creation permissions Aitor San Juan wrote: > I have a shell script whose execution is scheduled by CRON. The > command scheduled is of the form: > > 50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > > /apps/batch/logs/bd_backup.log 2>&1 > > This shell script runs under the id of root. The file permissions of > the log file created are 644 (owner: root, group: wheel). I'd like that > the file permissions of the log created be 600 (or 640 maximum). How > could I accomplish this? This is probably related to "umask", but I > don't dare changing anything in case that change could affect some > other security configuration as a side effect. > > What would you recommend? I have a few shell scripts that are run from CRON also. To accomplish what you want, I have 'chmod' and 'chown' commands in the scripts. Perhaps you might be able to incorporate something like that into yours. -- Gerard LEGEZKO OHARRA / AVISO LEGAL / LEGAL ADVICE * Mezu honek isilpeko informazioa gorde dezake, edo jabea duena, edota legez babestuta dagoena. Zuri zuzendua ez bada, bidali duenari esan eta ezabatu, inori berbidali edo gorde gabe, legeak debekatzen duelako mezuak erabiltzea baimenik gabe. -- Este mensaje puede contener información confidencial, en propiedad o legalmente protegida. Si usted no es el destinatario, le rogamos lo comunique al remitente y proceda a borrarlo, sin reenviarlo ni conservarlo, ya que su uso no autorizado está prohibido legalmente. -- This message may contain confidential, proprietary or legally privileged information. If you are not the intended recipient of this message, please notify it to the sender and delete without resending or backing it, as it is legally prohibited. ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Default file creation permissions
Aitor San Juan wrote: I have a shell script whose execution is scheduled by CRON. The command scheduled is of the form: 50 23 * * 1-5 /apps/batch/cronjobs/bd_backup.sh > /apps/batch/logs/bd_backup.log 2>&1 This shell script runs under the id of root. The file permissions of the log file created are 644 (owner: root, group: wheel). I'd like that the file permissions of the log created be 600 (or 640 maximum). How could I accomplish this? This is probably related to "umask", but I don't dare changing anything in case that change could affect some other security configuration as a side effect. What would you recommend? One solution: write a simple wrapper shell script for this which: a) creates the backup.log file, deleting any existing (> backup.log would probably do) b) changes the permissions to the ones you want with chmod, chgrps etc. etc. c) runs /apps/batch/cronjobs/bd_backup.sh >> /apps/batch/logs/bd_backup.log 2>&1 I.e. appends output to the file you just blanked. Two solution: Always use >> in your cron job, then set up the backup.log to be rotated through newsyslog which can set the permissions correctly. You probably need to create a balnk file with the correct permission once to seed the the process or use newsyslog -C. See the man page for more info. Solution one is easier, solution two also gets you a more permanent record of how the command ran, rather than losing it every day. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
