From 34bbbf9ae392e67c2f8bc27e93b2e8d6f2eac369 Mon Sep 17 00:00:00 2001 From: Valentin Vidic Date: Fri, 24 Apr 2009 15:39:17 +0200 Subject: [PATCH] Make upgrade logs readable by root only. --- src/cn-upgrade | 8 ++++++++ src/functions.sh | 9 ++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/cn-upgrade b/src/cn-upgrade index 4c53764..6abb546 100755 --- a/src/cn-upgrade +++ b/src/cn-upgrade @@ -6,8 +6,16 @@ version="%PKG_VERSION%" # restart upgrade under script for logging purposes if [ "$1" == "--no-script" ]; then + # restore umask to default + umask 0022 + shift elif [ -x /usr/bin/script ]; then + # make logs safe + umask 0077 + chmod og= /var/log/carnet-upgrade.* 2>/dev/null + + # restart through script exec /usr/bin/script -a -t -f -c "$0 --no-script $@" \ /var/log/carnet-upgrade.typescript 2>>/var/log/carnet-upgrade.timing fi diff --git a/src/functions.sh b/src/functions.sh index de8f4f9..466e770 100644 --- a/src/functions.sh +++ b/src/functions.sh @@ -22,10 +22,17 @@ pkg() { } log() { + local old_umask logfile=${logfile:=/var/log/carnet-upgrade.log} - touch $logfile + + old_umask=$(umask) + umask 0077 + echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile echo "CN: $*" + + umask $old_umask + chmod og= $logfile } # find first free uid/gid in range -- 1.7.10.4