Make upgrade logs readable by root only.

[carnet-upgrade.git] / src / functions.sh

diff --git a/src/functions.sh b/src/functions.sh
index de8f4f9..466e770 100644 (file)
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -22,10 +22,17 @@ pkg() {
 }
 
 log() {
+  local old_umask
   logfile=${logfile:=/var/log/carnet-upgrade.log}
-  touch $logfile
+
+  old_umask=$(umask)
+  umask 0077
+
   echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile
   echo "CN: $*"
+
+  umask $old_umask
+  chmod og= $logfile
 }
 
 # find first free uid/gid in range