University Crest

[wlug] sudo and writing to /var/log

wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Bnonn bnonn@o...
Wed Nov 30 15:27:13 NZDT 2005

Hi everyone,

I'm writing a small script to automate backing up to a remote machine 
using rsync. As part of the script, I'm directing stdout from rsync to 
/var/log/b.netbackup.log. The problem I'm having is in actually 
outputting said stdout.

I run all my scripts with user privileges only, escalating to root only 
those commands within the script that need it. This has various benefits 
in my eyes:

1. Principle of least privilege; why run a whole script as root when you 
can just run certain bits of it?
2. No need to error-check UID=0
3. Anyone in the sudoers group can run the script.

So normally I just type the script name from the dollar prompt, rather 
than sudoing it. Inside the script itself, rsync is run with sudo, so as 
to both read certain files in /etc/ which have 0600 umasks, and also to 
be able to output to the log file in /var/log.


You would think (or at least, I do) that something like "sudo rsync 
options source destination >> /var/log/logfile" would NOT give you a 
permission denied error. Similarly with "sudo date > /var/log/logfile". 
But you would be dead wrong.

Running the entire script with sudo (ie, sudo b.netbackup) will work 
fine, as will running it from a hash prompt.

Anyone got any ideas why I can't write to a log file using sudo? 
Hopefully it isn't something really obvious that will demonstrate my 
fundamental lack of understanding of how Linux works...


More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato