Bug#3182: cron's checksecurity runs find on NFS mounted filesystems

[Austin Donnelly <and1000@cam.ac.uk>]

Package: cron
Version: 3.0pl1-31

Hi, recently my cron.daily/standard script has been failing with:

   find: /nfs/nymph.csi: Permission denied

errors.

I tracked this down to the checksecurity command that gets run as the
last part.

checksecurity goes:

find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
	| cut -d ' ' -f 3` \
     -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
  | sort >$TMP

to find some filesystems to check. This is all and well, but it means
it will run the find over any NFS mounted filesystems currently mounted.

This is not a good idea, since this is likely to be slow, and thrash
the NFS server.

The permission denied comes because the script runs as root, and the uid
will be squashed. Presumably this NFS server is not world readable.

My (quick) fix was to patch checksecurity thus:

------------------------------------------------------------
--- /home/and1000/t/foo	Sun Jun  2 12:58:08 1996
+++ /usr/sbin/checksecurity	Sun Jun  2 12:58:11 1996
@@ -11,7 +11,7 @@
 umask 077
 cd /

-find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
+find `mount | grep -vE ' type (proc|msdos|iso9660|nfs) |^/dev/fd| on /mnt' \
 	| cut -d ' ' -f 3` \
      -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
   | sort >$TMP
------------------------------------------------------------

However, it is possible that you may want to check some NFS server. A
better test would be to ignore nfs servers mounted read only.

Austin