University Crest

[wlug] sudo and writing to /var/log

 
wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Bnonn bnonn@o...
Wed Nov 30 15:27:13 NZDT 2005


Hi everyone,

I'm writing a small script to automate backing up to a remote machine 
using rsync. As part of the script, I'm directing stdout from rsync to 
/var/log/b.netbackup.log. The problem I'm having is in actually 
outputting said stdout.

I run all my scripts with user privileges only, escalating to root only 
those commands within the script that need it. This has various benefits 
in my eyes:

1. Principle of least privilege; why run a whole script as root when you 
can just run certain bits of it?
2. No need to error-check UID=0
3. Anyone in the sudoers group can run the script.

So normally I just type the script name from the dollar prompt, rather 
than sudoing it. Inside the script itself, rsync is run with sudo, so as 
to both read certain files in /etc/ which have 0600 umasks, and also to 
be able to output to the log file in /var/log.

HOWEVER

You would think (or at least, I do) that something like "sudo rsync 
options source destination >> /var/log/logfile" would NOT give you a 
permission denied error. Similarly with "sudo date > /var/log/logfile". 
But you would be dead wrong.

Running the entire script with sudo (ie, sudo b.netbackup) will work 
fine, as will running it from a hash prompt.

Anyone got any ideas why I can't write to a log file using sudo? 
Hopefully it isn't something really obvious that will demonstrate my 
fundamental lack of understanding of how Linux works...

Regards,
Bnonn




More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato