Index: libexec/rc/rc.d/accounting
===================================================================
--- libexec/rc/rc.d/accounting
+++ libexec/rc/rc.d/accounting
@@ -27,17 +27,16 @@
 
 	_dir="${accounting_file%/*}"
 	if [ ! -d "$_dir" ]; then
-		if ! mkdir -p "$_dir"; then
+		if ! mkdir -p -m 0750 "$_dir"; then
 			err 1 "Could not create $_dir."
 		fi
 	fi
 
 	if [ ! -e "$accounting_file" ]; then
 		echo -n "Creating accounting file ${accounting_file}"
-		touch "$accounting_file"
+		( umask 026; touch "${accounting_file}" )
 		echo '.'
 	fi
-	chmod 644 "$accounting_file"
 
 	echo "Turning on accounting."
 	${accounting_command} ${accounting_file}
@@ -51,21 +50,24 @@
 
 accounting_rotate_log()
 {
-	local _dir _file
+	# Note that this function must handle being called as "onerotate_log"
+	# (by the periodic scripts) when accounting is disabled, and handle
+	# being called multiple times (by an admin making mistakes) without
+	# anything having actually rotated the old .0 file out of the way.
 
-	_dir="${accounting_file%/*}"
-	cd $_dir
+	if [ -e "${accounting_file}.0" ]; then
+		err 1 "Cannot rotate accounting log, ${accounting_file}.0 already exists."
+	fi
 
-	if checkyesno accounting_enable; then
-		_file=`mktemp newacct-XXXXX`
-		chmod 644 $_file
-		${accounting_command} ${_dir}/${_file}
+	if [ ! -e "${accounting_file}" ]; then
+		err 1 "Cannot rotate accounting log, ${accounting_file} does not exist."
 	fi
 
 	mv ${accounting_file} ${accounting_file}.0
 
 	if checkyesno accounting_enable; then
-		mv $_file ${accounting_file}
+		( umask 026; touch "${accounting_file}" )
+		${accounting_command} "${accounting_file}"
 	fi
 }