Make upgrade logs readable by root only.
authorValentin Vidic <Valentin.Vidic@CARNet.hr>
Fri, 24 Apr 2009 13:39:17 +0000 (15:39 +0200)
committerValentin Vidic <Valentin.Vidic@CARNet.hr>
Fri, 24 Apr 2009 13:39:17 +0000 (15:39 +0200)
src/cn-upgrade
src/functions.sh

index 4c53764..6abb546 100755 (executable)
@@ -6,8 +6,16 @@ version="%PKG_VERSION%"
 
 # restart upgrade under script for logging purposes
 if [ "$1" == "--no-script" ]; then
+    # restore umask to default
+    umask 0022
+
     shift
 elif [ -x /usr/bin/script ]; then
+    # make logs safe
+    umask 0077
+    chmod og= /var/log/carnet-upgrade.* 2>/dev/null
+
+    # restart through script
     exec /usr/bin/script -a -t -f -c "$0 --no-script $@" \
          /var/log/carnet-upgrade.typescript 2>>/var/log/carnet-upgrade.timing
 fi
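Review bot: The `umask 0022` added in the `--no-script` branch does not restore the caller's umask, it forces 0022, so a stricter value inherited from the invoking root shell (for example 0027) is loosened for every file the rest of the upgrade creates. Consider carrying the original value across the re-exec, e.g. `export CN_SAVED_UMASK=$(umask)` before `umask 0077`, then `umask "${CN_SAVED_UMASK:-0022}"` in the `--no-script` branch (the variable name is only a suggestion). Separately, `chmod og= /var/log/carnet-upgrade.* 2>/dev/null` discards failures, and because `script -a` appends to an existing typescript, the umask alone does not tighten files that already exist. A failed chmod therefore leaves old logs readable without any trace.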
index de8f4f9..466e770 100644 (file)
@@ -22,10 +22,17 @@ pkg() {
 }
 
 log() {
+  local old_umask
   logfile=${logfile:=/var/log/carnet-upgrade.log}
-  touch $logfile
+
+  old_umask=$(umask)
+  umask 0077
+
   echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile
   echo "CN: $*"
+
+  umask $old_umask
+  chmod og= $logfile
 }
 
 # find first free uid/gid in range
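Review bot: The new `umask $old_umask` and `chmod og= $logfile` lines in `log()` expand unquoted, as does the existing `>> $logfile` redirect. `logfile` can be preset by the caller, so a value containing whitespace or glob characters may make chmod act on paths other than the one written. Quote them: `umask "$old_umask"` and `chmod og= -- "$logfile"`. The chmod also runs after the append, so a pre-existing world-readable log receives the new line before it is tightened. Running the chmod before the `echo ... >>`, guarded by `[ -e "$logfile" ]`, would close that gap.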