Bug#3182: cron's checksecurity runs find on NFS mounted filesystems
Package: cron
Version: 3.0pl1-31
Hi, recently my cron.daily/standard script has been failing with:
find: /nfs/nymph.csi: Permission denied
errors.
I tracked this down to the checksecurity command that gets run as the
last part.
checksecurity goes:
find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
| cut -d ' ' -f 3` \
-xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
| sort >$TMP
to find some filesystems to check. This is all and well, but it means
it will run the find over any NFS mounted filesystems currently mounted.
This is not a good idea, since this is likely to be slow, and thrash
the NFS server.
The permission denied comes because the script runs as root, and the uid
will be squashed. Presumably this NFS server is not world readable.
My (quick) fix was to patch checksecurity thus:
------------------------------------------------------------
--- /home/and1000/t/foo Sun Jun 2 12:58:08 1996
+++ /usr/sbin/checksecurity Sun Jun 2 12:58:11 1996
@@ -11,7 +11,7 @@
umask 077
cd /
-find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
+find `mount | grep -vE ' type (proc|msdos|iso9660|nfs) |^/dev/fd| on /mnt' \
| cut -d ' ' -f 3` \
-xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
| sort >$TMP
------------------------------------------------------------
However, it is possible that you may want to check some NFS server. A
better test would be to ignore nfs servers mounted read only.
Austin
Reply to: