Make upgrade logs readable by root only.

[carnet-upgrade.git] / src / functions.sh

diff --git a/src/functions.sh b/src/functions.sh
index a8c9b4e..466e770 100644 (file)
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -22,10 +22,17 @@ pkg() {
 }
 
 log() {
+  local old_umask
   logfile=${logfile:=/var/log/carnet-upgrade.log}
-  touch $logfile
+
+  old_umask=$(umask)
+  umask 0077
+
   echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile
   echo "CN: $*"
+
+  umask $old_umask
+  chmod og= $logfile
 }
 
 # find first free uid/gid in range
@@ -1188,7 +1195,7 @@ upgrade_udev () {
                 /etc/udev/rules.d/compat.rules
   do
      if [ -e $config ]; then
-        mv -v $config /etc/udev/
+        rm -v -f $config
      fi
   done