
setgid crontab



Apropos of the recent setuid/setgid thread, and also being prodded by
Stephen Frost, I've changed crontab to be setgid 'cron' rather than
setuid 'root'. Beyond the coding (which is mostly removing setuid()
calls), this involves the following changes:

add system group 'cron'

change /var/spool/cron/crontabs from 755 root.root to 775 root.cron

change crontab files in the spool directory from 600 root.root to 600
userid.cron

At first glance, the only access I've added with this is that a user can
now view or edit (but not delete) her crontab file directly in the spool
directory. Since one could do all that with the crontab command anyway, it
doesn't seem a big deal.

Comments, suggestions?


-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net
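
The ownership and mode layout listed in the message above, written as a check that can be run over a spool directory. This is an added example, not part of the original post or of the cron package; the function name audit_cron_spool, its arguments, and the assumptions that stat supports -c and that each crontab file is named after its owning user belong to this example.

```shell
#!/bin/sh
# Added example: audit a cron spool against the layout described above.
# Usage: audit_cron_spool DIR [DIR_OWNER] [GROUP]   (defaults: root, cron)
# Assumes GNU/busybox stat (-c) and that each crontab file is named after its user.
# Prints one line per deviation; returns 0 if clean, 1 if not, 2 on error.
audit_cron_spool() {
    spool=$1 want_owner=${2:-root} want_group=${3:-cron}
    findings=0

    # Spool directory: 775 root.cron, so only root and the setgid-cron
    # crontab binary can create or remove entries.
    meta=$(stat -c '%a %U %G' "$spool") || return 2
    set -- $meta
    if [ "$1" != 775 ] || [ "$2" != "$want_owner" ] || [ "$3" != "$want_group" ]; then
        echo "DIR $spool: $1 $2.$3 (expected 775 $want_owner.$want_group)"
        findings=$((findings + 1))
    fi

    for f in "$spool"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob: empty spool
        name=${f##*/}
        # Symlinks or non-regular entries have no place in the spool.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FILE $name: not a regular file"
            findings=$((findings + 1))
            continue
        fi
        meta=$(stat -c '%a %U %G' "$f") || return 2
        set -- $meta
        # Crontab file: 600 userid.cron, owner matching the file name.
        if [ "$1" != 600 ] || [ "$2" != "$name" ] || [ "$3" != "$want_group" ]; then
            echo "FILE $name: $1 $2.$3 (expected 600 $name.$want_group)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

On a system using this layout it would be called as audit_cron_spool /var/spool/cron/crontabs, relying on the root and cron defaults.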


