fix: switch to unprivileged user now works as expected, and so the script...

fix: switch to unprivileged user now works as expected, and so the script finally actually moves old logs

fix: switch to unprivileged user now works as expected, and so the script...
1e9a217d · Jörg Sachse · 30580daa · 1e9a217d
Commit 1e9a217d authored 2 years ago by Jörg Sachse
--- a/files/usr/local/bin/move_old_logs.sh
+++ b/files/usr/local/bin/move_old_logs.sh
@@ -16,29 +16,46 @@ PREVIOUS_YEAR="$(( CURRENT_YEAR - 1 ))"

 cd "/var/log/${APP}/" || exit 1

-# create directories for old logfiles
-for YEAR in $( seq ${START_YEAR} ${PREVIOUS_YEAR} ); do
-	mkdir -p "old/${YEAR}"
-done
-chown -R processing.processing "/var/log/${APP}/old/"
-
-# move all old logfiles
-for YEAR in $( seq ${START_YEAR} ${PREVIOUS_YEAR} ); do
+# Initially, this script will ALWAYS be called by root. This is because we have
+# to switch users depending on the workflow that we're working with. Also, we
+# HAVE to switch to a non-root user, because the NFS-share prohibits write
+# operations from the root user.
+# To solve this, we check if the script is run by root, and if it is, we run
+# the script again with the correct user by calling `exec`.
+# Once `exec` is called, the script terminates and is called again with the
+# new user, which makes the UID check skip and executes the move operations
+# below.
+if [ $UID -eq 0 ]; then
 	if [[ "${APP}" == "disapp" ]]; then
-		if find ./ -maxdepth 1 -name "disapp.log.${YEAR}-*.lz"; then mv "disapp.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
+		exec su "access" "$0" "$@"
+		# nothing will be executed beyond that line,
+		# because exec replaces running process with the new one
 	fi
-
 	if [[ "${APP}" == "subapp" ]]; then
-		# We run `find` before `mv` to make sure that `mv` doesn't fail if there are no files to move
-		if find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log" > /dev/null; then mv "Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log" "old/${YEAR}/"; fi
-		if find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log" > /dev/null; then mv "Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log" "old/${YEAR}/"; fi
-		if find ./ -maxdepth 1 -name "sips.log.${YEAR}-*.lz" > /dev/null; then mv "sips.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
-		if find ./ -maxdepth 1 -name "subapp.log.${YEAR}-*.lz" > /dev/null; then mv "subapp.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
-		if find ./ -maxdepth 1 -name "producer_mails.log.${YEAR}-*.lz" > /dev/null; then mv "producer_mails.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
-		if find ./ -maxdepth 1 -name "staff_mails.log.${YEAR}-*.lz" > /dev/null; then mv "staff_mails.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
+		exec su "processing" "$0" "$@"
+		# nothing will be executed beyond that line,
+		# because exec replaces running process with the new one
 	fi
-
 	if [[ "${APP}" == "subapp_webservice" ]]; then
-		if find ./ -maxdepth 1 -name "webservice.log.${YEAR}-*.lz"; then mv "webservice.log.${YEAR}-*.lz" "old/${YEAR}/"; fi
+		exec su "processing" "$0" "$@"
+		# nothing will be executed beyond that line,
+		# because exec replaces running process with the new one
 	fi
+fi
+
+# Execution resumes here, if we're a non-root user.
+cd "/var/log/${APP}/" || exit 1
+for YEAR in $( seq ${START_YEAR} ${PREVIOUS_YEAR} ); do
+	mkdir -p "old/${YEAR}";
+	# DISapp
+	if [[ -n $( find ./ -maxdepth 1 -name "disapp.log.${YEAR}-*.lz" ) ]]; then mv disapp.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	# SUBapp
+	if [[ -n $( find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log" ) ]]; then mv Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log "old/${YEAR}/"; fi
+	if [[ -n $( find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log" ) ]]; then mv Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log "old/${YEAR}/"; fi
+	if [[ -n $( find ./ -maxdepth 1 -name "sips.log.${YEAR}-*.lz" ) ]]; then mv sips.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	if [[ -n $( find ./ -maxdepth 1 -name "subapp.log.${YEAR}-*.lz" ) ]]; then mv subapp.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	if [[ -n $( find ./ -maxdepth 1 -name "producer_mails.log.${YEAR}-*.lz" ) ]]; then mv producer_mails.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	if [[ -n $( find ./ -maxdepth 1 -name "staff_mails.log.${YEAR}-*.lz" ) ]]; then mv staff_mails.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	# SUBapp Webservice
+	if [[ -n $( find ./ -maxdepth 1 -name "webservice.log.${YEAR}-*.lz" ) ]]; then mv webservice.log.${YEAR}-*.lz "old/${YEAR}/"; fi
 done