Execute a script as a superuser without using a password

[FrDrake]

Hi all, I'm trying to write a script to manage log files (a program that we use generates a copious amount of log data and so we only want to keep 3 days worth of files) so I tried to set up a script that will copy off the log and then remake the log file. My problem is that the directory of the log files requires sudo to make modifications to. I'm trying to get the script to run nightly though using cron and I want it to be able to do its thing without the need for user input.

So my question is this, how can I get the script to run with the admin ability to modify directories without the need for a password.

This script will be buried deep within a server architecture so even if there's a way to hardcode a username and password is fine, as there will be lots of other securities on the outside.

Any help or clues will be greatly appreciated,
Thanks

[Irithori]

The standard logrotate comes to mind.
And for copying logs to another machine, rsyslog offers quite sophisticated features.

The combination of logrotate and rsyslog should be enough to fulfill your requirements.
Plus you dont have to develop, maintain and deploy something, but just take care of some config files.

[FrDrake]

Thanks for the reply, I looked at logrotate already but there was some reason I put that aside, I may not know enough about setting that up but I'll check it again.

Thanks

[FrDrake]

So if I understand this right I set up the logrotate configuration file and then have my crontab execute the command to run the logrotate nightly?

[Irithori]

The rpm of logrotate will already establish an appropiate daily cronjob, so that you can concentrate on which files you want to rotate, by which criteria and you can also define additional actions.

[Irithori]

Apart from the obvious -man pages - this looks nice as an introduction:
Slicehost Articles: Understanding logrotate on RHEL - part 1

[FrDrake]

Something that I'm seeing with logrotate is something that I saw as well, after the logrotation I need to restart my application for it to start logging again. Right now the application requires sudo authentication to start is the proper method of overcoming this to allow all users to restart the application or how would I get this application to restart automatically after the logs swap.

[Irithori]

That´s what the "postrotate.. endscript" section is for.
logrotate usually runs as root, so sudo is not neccessary.
Maybe su, if that daemon completely runs as a regular user and doesnt need root resources such as ports <1024

Also, it may be sufficient to send a SIGHUP.
It is not uncommon, that daemons will reopen their logfiles after that.
This is preferred to a stop/start, as there is no break and it takes less ressoures.

[FrDrake]

Thanks again for all your insight.