Link to home
Create AccountLog in
Avatar of ashsysad
ashsysadFlag for United States of America

asked on

Creating file with 660 permission

I have a script that will log all its output to a new logfile that it is created with that day's timestamp. The content of these logfiles contains some confidential information. So I want these log files to be created with permission 660, so that only 'root' user can read it. I'm aware that it can be done by changing the 'umask' value but I don't want the change to affect globally. I just want for one particular folder where the logfiles will be created using script. Is that possible to do ?  I had this question 4 years before when I got into similar situation but I couldn't succeed to get a solution.

[root@sysllm01 ]# ls -l
total 168
-rw-r--r-- 1 root root  4966 Mar 14 23:42 3-14-2011_orallm11.log
-rw-r--r-- 1 root root  4984 Mar 15 19:38 3-15-2011_orallm11.log
-rw-r--r-- 1 root root  4960 Mar 16 19:20 3-16-2011_orallm11.log
-rw-r--r-- 1 root root  4984 Mar 17 19:44 3-17-2011_orallm11.log
-rw-r--r-- 1 root root  4977 Mar 18 19:27 3-18-2011_orallm11.log
-rw-r--r-- 1 root root  4982 Mar 19 19:31 3-19-2011_orallm11.log
-rw-r--r-- 1 root root  4973 Mar 20 22:48 3-20-2011_orallm11.log
-rw-r--r-- 1 root root  4977 Mar 21 19:40 3-21-2011_orallm11.log
-rw-r--r-- 1 root root  4983 Mar 22 19:27 3-22-2011_orallm11.log
-rw-r--r-- 1 root root  4984 Mar 23 19:44 3-23-2011_orallm11.log
-rw-r--r-- 1 root root  4984 Mar 24 19:45 3-24-2011_orallm11.log
-rw-r--r-- 1 root root  4574 Mar 25 19:41 3-25-2011_orallm11.log
-rw-r--r-- 1 root root  1359 Mar 26 20:14 3-26-2011_orallm11.log
-rw-r--r-- 1 root root  4586 Mar 28 20:13 3-28-2011_orallm11.log
-rw-r--r-- 1 root root  5038 Mar 29 19:40 3-29-2011_orallm11.log
SOLUTION
Avatar of Willem
Willem
Flag of Germany image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of ashsysad

ASKER

Thanks for your ideas. However since the servers are being in production, I'm concerned about changing the 'umask' value even for a short period of time as it will affect the entire system. Further I'm not sure if I need to export/re-export UMASK global variable (Have to test it). Using 'chmod' is an easy option but still I can do it only after the entire script execution (the script approximately runs for about 3 hours everyday). So during that time interval, the newly created log files will be read by other users which I wish to prevent. I'm wondering if there is any way using which I can make just one particular folder in system to create files with permission 660 ?
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
How about writing your logs to a SMB share and setting the SMB option force user and force group on that folder.
Very good suggestions. Thanks for everyone !