random-commands/cronjob-fix-log-acls
Darren 'Tadgy' Austin 041ebf1b1a Many small updates to various scripts.
deleted:    cronjob-update-packages-list.new
deleted:    cronjob-updatedb-mirrors
renamed:    rsync-notify-upload -> notify-rsync-upload
modified:   colour-changelog
modified:   cronjob-clean-php
modified:   cronjob-dehydrated
modified:   cronjob-fix-log-acls
modified:   cronjob-rotate-logs-today-symlink
modified:   cronjob-update-mirrors-search-db
modified:   cronjob-update-packages-list
modified:   cronjob-warn-git-status
modified:   cronjob-warn-smtp-queue
modified:   do-backup
modified:   dovecot-service-checksuspended
modified:   firewall-initscript
modified:   git-auto-merge
modified:   mirror
modified:   mirror-new-slackware-release.gpg
modified:   mirror-wrapper
modified:   notify-rsync-upload
modified:   sbosrcarch-wrapper
2026-05-22 00:27:36 +01:00


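#!/bin/bash
# Set ACLs on /var/log files and directories.
#
# The tree is walked with find(1) instead of a '/var/log/**/' glob:
#   * A glob ending in '/' also matches symbolic links to directories, and
#     setfacl follows symlink arguments.  Anything able to create a symlink
#     below /var/log could therefore have this job rewrite ACLs on a
#     directory outside the log tree.  'find -type d' / '-type f' only report
#     real directories and files and never descend through symlinks.
#   * 'find -exec ... {} +' batches arguments, so a very large log tree cannot
#     overflow the command line the way a single glob expansion can.
#   * The excluded directories are skipped by the file passes as well as the
#     directory passes (the file passes previously ignored the exclusion list).
# NOTE(review): a path can still be swapped between find seeing it and setfacl
# acting on it; keep /var/log subdirectories writable only by accounts that
# are trusted with that - confirm ownership of service log directories.
#
# Exit status is that of the final setfacl call.

# Sleep for up to a couple of minutes to reduce the chance of racing other cron jobs.
sleep $(( RANDOM % 120 ))

readonly LOG_ROOT="/var/log"

# Paths that must be left untouched, expressed as a find(1) test list.
readonly -a SKIP_PATHS=(
  -path "${LOG_ROOT}/packages"
  -o -path "${LOG_ROOT}/setup"
  -o -path "${LOG_ROOT}/scripts"
)

# Run 'setfacl <args>' on every real directory under LOG_ROOT (LOG_ROOT included).
acl_dirs() {
  find "${LOG_ROOT}" \( "${SKIP_PATHS[@]}" \) -prune -o -type d -exec setfacl "$@" {} +
}

# Run 'setfacl <args>' on every regular file under LOG_ROOT.
acl_files() {
  find "${LOG_ROOT}" \( "${SKIP_PATHS[@]}" \) -prune -o -type f -exec setfacl "$@" {} +
}

# Secure /var/log
# Set standard access perms for directories
acl_dirs -m user::rwx,group::rx,other::-
# The top-level directory stays traversable so world-readable entries such as
# wtmp can still be reached.
setfacl -m user::rwx,group::rx,other::x "${LOG_ROOT}/"

# Set standard access perms for files
acl_files -m user::rw,group::r,other::-

# Allow group 'admin' read access to all directories/files
acl_dirs -m group:admin:rX
acl_files -m group:admin:r

# Set default access for new files in directories.
acl_dirs -dm user::rwX,group::rX,other::-
acl_dirs -dm group:admin:rX

# /var/log/wtmp needs to be readable by everyone.  This runs last because the
# file pass above has just removed 'other' access from it.
setfacl -m user::rw,group::r,other::r "${LOG_ROOT}/wtmp"

# To clear above ACL settings:
# setfacl -Rk /path
# setfacl -Rx group:admin: /path
# setfacl -Rx mask:: /path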