CRON gets Permission denied writing in /var/log

[dragonbite]

I have a CRON job running a shell script with the following command:

"MAILTO="me@work.com""
30 5 * * * $HOME/updatedb.sh &>> /var/log/updatedb.sh.log

Unfortunately I get the following error:

cannot create /var/log/dbupdater_updatedb.sh.log: Permission denied

The permissions for /var/log are

drwxr-xr-x   2 root    wheel   1536 Dec 13 03:01 log

Do I need to add the user (dbupdater) to the wheel group and add write permissions to /varl/log? If so, how do I add the write permission for the wheel group only, and not for everybody? I know it is chmod but I am not sure of the parameters.

 

[kpa]

Your job is run as your own user account and not root. You can move the log file to your home directory

30 5 * * * $HOME/updatedb.sh &>> $HOME/updatedb.sh.log

Or if you must have the log file under /var/log, create a subdirectory as root under /var/log that is owned and writable by your unprivileged user

# mkdir /var/log/dragonbite
# chown dragonbite /var/log/dragonbite
# chgrp dragonbite /var/log/dragonbite

30 5 * * * $HOME/updatedb.sh &>> /var/log/dragonbite/updatedb.sh.log

 

[dragonbite]

That's what I ended up doing. Made a directory inside of `/var/log`, made the directory have 0775 permissions and added the user to the `wheel` group.

Would it be better for me to set the owner and group of the directory for the specific user or add the user to `wheel`?

 

[kpa]

Make the directory owned by the user, that way you don't have to add the user to the wheel group.

 

[dragonbite]

Here is what I did.

The process I am logging belongs to one user ("dbupdater") but there may be more users/processes anytime in the future.

So I set up a directory based on the company name for all of our custom log files with root:wheel for ownership. Inside THAT directory is a directory for the individual users (/var/log/companyname/dbupdater/) and all log files that "dbupdater" will run goes in there. This folder is owned by dbupdater:dbupdater with 0755 permissions.

This way he can manage the log files within without adding him to wheel, or having to open it up to EVERYBODY.

And if I have a process in my account that I want to log it should go into /var/log/companyname/dragonbite and makes it easy to keep track.