# CRON gets Permission denied writing in /var/log



## dragonbite (Dec 13, 2012)

I have a CRON job running a shell script with the following command:


```
MAILTO="me@work.com"
30 5 * * * $HOME/updatedb.sh &>> /var/log/updatedb.sh.log
```

Unfortunately I get the following error:

```
cannot create /var/log/dbupdater_updatedb.sh.log: Permission denied
```

The permissions for /var/log are:

```
drwxr-xr-x   2 root    wheel   1536 Dec 13 03:01 log
```

Do I need to add the user (dbupdater) to the _wheel_ group and add write permissions to /var/log? If so, how do I add the write permission for the wheel group only, and not for everybody? I know it is _chmod_ but I am not sure of the parameters.


----------



## kpa (Dec 13, 2012)

Your job is run as your own user account and not root. You can move the log file to your home directory:

```
30 5 * * * $HOME/updatedb.sh &>> $HOME/updatedb.sh.log
```

Or if you must have the log file under /var/log, create a subdirectory as root under /var/log that is owned and writable by your unprivileged user:

```
# mkdir /var/log/dragonbite
# chown dragonbite /var/log/dragonbite
# chgrp dragonbite /var/log/dragonbite
```


```
30 5 * * * $HOME/updatedb.sh &>> /var/log/dragonbite/updatedb.sh.log
```


----------



## dragonbite (Dec 13, 2012)

That's what I ended up doing. Made a directory inside of `/var/log`, made the directory have 0775 permissions and added the user to the `wheel` group.

Would it be better for me to set the owner and group of the directory for the specific user or add the user to `wheel`?


----------



## kpa (Dec 13, 2012)

Make the directory owned by the user; that way you don't have to add the user to the wheel group.


----------



## dragonbite (Dec 14, 2012)

Here is what I did.

The process I am logging belongs to one user ("dbupdater") but there may be more users/processes anytime in the future.

So I set up a directory based on the company name for all of our custom log files with root:wheel for ownership. Inside THAT directory is a directory for the individual users (/var/log/companyname/dbupdater/) and all log files that "dbupdater" will run go in there. This folder is owned by dbupdater:dbupdater with 0755 permissions.

This way he can manage the log files within without adding him to wheel, or having to open it up to EVERYBODY.

And if I have a process in my account that I want to log, it should go into /var/log/companyname/dragonbite, which makes it easy to keep track.


----------
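The layout settled on in the last post (a root-owned company directory with one 0755 directory per user, owned by that user), as an added example that is not part of the thread. The function names and the `LOG_BASE` and `PARENT_GROUP` variables are assumptions made for this sketch; `LOG_BASE` defaults to a scratch directory so the script can be tried without root.

```shell
#!/bin/sh
# Added example, not from the thread. LOG_BASE and PARENT_GROUP are assumed
# names: LOG_BASE defaults to a scratch directory for an unprivileged dry run;
# as root, set LOG_BASE=/var/log to build the real layout.
LOG_BASE=${LOG_BASE:-${TMPDIR:-/tmp}/logdemo.$$}
PARENT_GROUP=${PARENT_GROUP:-wheel}

# make_user_logdir COMPANY USER
# Creates $LOG_BASE/COMPANY/USER with mode 0755 and prints the path.
make_user_logdir() {
    parent="$LOG_BASE/$1"
    dir="$parent/$2"
    mkdir -p "$dir" || return 1
    chmod 0755 "$parent" "$dir" || return 1
    # Changing ownership needs root; skipped in an unprivileged dry run.
    if [ "$(id -u)" -eq 0 ]; then
        chown "root:$PARENT_GROUP" "$parent" || return 1
        chown "$2:$(id -gn "$2")" "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# audit_logdir DIR USER
# Returns 0 only if DIR exists, is owned by USER, and is writable by
# nobody except its owner (no group-write or world-write bit).
audit_logdir() {
    [ -d "$1" ] || { echo "missing: $1" >&2; return 2; }
    if [ -z "$(find "$1" -prune -user "$2" -print)" ]; then
        echo "wrong owner: $1" >&2
        return 1
    fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group- or world-writable: $1" >&2
        return 1
    fi
    return 0
}
```

Run as root with `LOG_BASE=/var/log`, `make_user_logdir companyname dbupdater` builds the directory from the post, and `audit_logdir /var/log/companyname/dbupdater dbupdater` fails if the directory has been opened up to a group, as in the earlier 0775 setup.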

