Hi everyone,

I'm writing a small script to automate backing up to a remote machine
using rsync. As part of the script, I'm directing stdout from rsync to
/var/log/b.netbackup.log. The problem I'm having is in actually
outputting said stdout.

I run all my scripts with user privileges only, escalating to root only
those commands within the script that need it. This has various benefits
in my eyes:

1. Principle of least privilege; why run a whole script as root when you
can just run certain bits of it?
2. No need to error-check UID=0
3. Anyone in the sudoers group can run the script.

So normally I just type the script name from the dollar prompt, rather
than sudoing it. Inside the script itself, rsync is run with sudo, so as
to both read certain files in /etc/ which have 0600 umasks, and also to
be able to output to the log file in /var/log.

HOWEVER

You would think (or at least, I do) that something like "sudo rsync
options source destination >> /var/log/logfile" would NOT give you a
permission denied error. Similarly with "sudo date > /var/log/logfile".
But you would be dead wrong.

Running the entire script with sudo (i.e., sudo b.netbackup) will work
fine, as will running it from a hash prompt.

Anyone got any ideas why I can't write to a log file using sudo?
Hopefully it isn't something really obvious that will demonstrate my
fundamental lack of understanding of how Linux works...

Regards,
Bnonn
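
In a command such as `sudo date > /var/log/logfile`, the redirection is set up by the invoking shell, running as the unprivileged user, before sudo is started, so opening the log file fails no matter what sudo would have allowed. The following is an added example, not part of the original post (the helper names and the `SUDO` variable are assumptions): it shows that ordering and a way to elevate only the process that writes the log.

```shell
#!/bin/sh
# Added example, not from the original post. SUDO and the function names
# are assumptions made for illustration.

# The calling shell opens a redirect target itself, before it execs the
# command. Evidence: the file is created even though the command cannot run.
redirect_is_opened_by_shell() {
    d=$(mktemp -d) || return 2
    ( /nonexistent/command > "$d/out" ) 2>/dev/null || true
    if [ -e "$d/out" ]; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}

# Append stdin to the log named in $1 with only the writer elevated.
# ${SUDO-sudo} defaults to sudo; set SUDO="" to try it on a file you own.
log_append() {
    ${SUDO-sudo} tee -a "$1" >/dev/null
}

# Fails from a user prompt: the user's shell opens the log, not sudo.
#   sudo date > /var/log/logfile
# Works: the redirect is evaluated by a shell that sudo started as root.
#   sudo sh -c 'date >> /var/log/logfile'
# Works, and keeps the elevated part small: only tee runs as root.
#   date | log_append /var/log/logfile
#   sudo rsync options source destination | log_append /var/log/b.netbackup.log
```

In a plain `sh` pipeline the exit status is that of `tee`, so a script that needs rsync's status has to capture it separately.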