Index: head/libexec/rc/rc.d/accounting
===================================================================
--- head/libexec/rc/rc.d/accounting
+++ head/libexec/rc/rc.d/accounting
@@ -21,23 +21,27 @@
 stop_cmd="accounting_stop"
 rotate_log_cmd="accounting_rotate_log"
+create_accounting_file()
+{
+ install -o root -g wheel -m 0640 /dev/null "${accounting_file}"
+}
+
 accounting_start()
 {
 local _dir
 _dir="${accounting_file%/*}"
 if [ ! -d "$_dir" ]; then
- if ! mkdir -p "$_dir"; then
+ if ! mkdir -p -m 0750 "$_dir"; then
 err 1 "Could not create $_dir."
 fi
 fi
 if [ ! -e "$accounting_file" ]; then
 echo -n "Creating accounting file ${accounting_file}"
- touch "$accounting_file"
+ create_accounting_file
 echo '.'
 fi
- chmod 644 "$accounting_file"
 echo "Turning on accounting."
 ${accounting_command} ${accounting_file}
@@ -51,21 +55,24 @@
 accounting_rotate_log()
 {
- local _dir _file
+ # Note that this function must handle being called as "onerotate_log"
+ # (by the periodic scripts) when accounting is disabled, and handle
+ # being called multiple times (by an admin making mistakes) without
+ # anything having actually rotated the old .0 file out of the way.
- _dir="${accounting_file%/*}"
- cd $_dir
+ if [ -e "${accounting_file}.0" ]; then
+ err 1 "Cannot rotate accounting log, ${accounting_file}.0 already exists."
+ fi
- if checkyesno accounting_enable; then
- _file=`mktemp newacct-XXXXX`
- chmod 644 $_file
- ${accounting_command} ${_dir}/${_file}
+ if [ ! -e "${accounting_file}" ]; then
+ err 1 "Cannot rotate accounting log, ${accounting_file} does not exist."
 fi
 mv ${accounting_file} ${accounting_file}.0
 if checkyesno accounting_enable; then
- mv $_file ${accounting_file}
+ create_accounting_file
+ ${accounting_command} "${accounting_file}"
 fi
 }
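Review bot: An accounting file that already exists keeps whatever mode it had, because the 0640 root:wheel settings are applied only inside the `[ ! -e "$accounting_file" ]` branch and the unconditional `chmod` was removed rather than tightened. The old script set that file to 644 on every start, so on an upgraded system the per-command accounting records stay readable by every local user until the file is recreated; the same holds for a pre-existing directory, since `mkdir -p -m 0750` only runs when `$_dir` is missing. If the restriction is meant to be enforced, add `chmod 0640 "$accounting_file"` after the creation block, or state in a comment that existing permissions are deliberately left to the administrator. The rotate hunk carries the old mode forward as well, since `mv` keeps it on the `.0` file. accounting_start continues past the end of this hunk.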
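Review bot: The result of `create_accounting_file` is not checked before `${accounting_command} "${accounting_file}"` runs at the end of accounting_rotate_log. A failed `install` (for example on a full or read-only filesystem) therefore surfaces only as whatever the accounting command reports for a missing file, after the live log has already been renamed to `.0`. Failing explicitly would make the cause clear: `create_accounting_file || err 1 "Could not create ${accounting_file}."`. The context line `mv ${accounting_file} ${accounting_file}.0` is also still unquoted while the new lines quote the path; quoting it would keep the function consistent.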