1

So, I have a bash script "get-data.sh that runs other two python scripts

#!/bin/bash

scripts=/root/scripts
datos=/root/zabbixdata
fecha=$(date +"%Y_%m_%d")

sudo $scripts/filesystem.py > $datos/filesystem_$fecha.log &
sudo $scripts/cpu.py > $datos/cpu_$fecha.log &

and when i run the script I get the following error

./get-data.sh: line 8: /root/zabbixdata/filesystem_2020_01_02.log: Permission denied
./get-data.sh: line 9: /root/zabbixdata/cpu_2020_01_02.log: Permission denied

The permissions of the python scripts:

-rwxrwxr-x 1 myuser myuser 1629 Jan  2 12:01 cpu.py
-rwxrwxr-x 1 myuser myuser 1680 Jan  2 11:06 filesystem.py

the permission of the bash script:

-rwxrwxr-x 1 myuser myuser   326 Jan  2 11:51 get-data.sh

the permission of the target directory

drwxrwxr-x 2 myuser myuser 6 Jan  2 11:43 zabbixdata

the persmission of the scripts directory

drwxrwxr-x 2 myuser myuser 93 Jan  2 12:14 scripts

It seem that I have all the permission but still I can create those file via shell scripting

any ideas?

1 Answers1

1

I suppose that the permission of your /root directory are 0550 (the default in a Centos server).

# stat /root/
File: /root/
Size: 4096          Blocks: 8          IO Block: 4096   directory
Device: fd01h/64769d    Inode: 10747905    Links: 23
Access: (0550/dr-xr-x---)  Uid: (    0/    root)   Gid: (    0/    root)

If you execute the script "get-data.sh" with the user myuser, the standard output redirection is performed by your shell which does not have the permission to access to /root. The redirection of the output is not performed by sudo.

There is a missing 'x' flag in 'other' section of /root permission that allows to access to the subdirectories /root/zabbixdata/ but maybe you don't want add it for security reasons. In [1] you can find some example of use of redirection with sudo.

[1] https://stackoverflow.com/questions/82256/how-do-i-use-sudo-to-redirect-output-to-a-location-i-dont-have-permission-to-wr

NoNoNo
  • 1,963
  • 14
  • 20