[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#3182: cron's checksecurity runs find on NFS mounted filesystems

Package: cron
Version: 3.0pl1-31

Hi, recently my cron.daily/standard script has been failing with:

   find: /nfs/nymph.csi: Permission denied


I tracked this down to the checksecurity command that gets run as the
last part.

checksecurity goes:

find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
	| cut -d ' ' -f 3` \
     -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
  | sort >$TMP

to find some filesystems to check. This is all and well, but it means
it will run the find over any NFS mounted filesystems currently mounted.

This is not a good idea, since this is likely to be slow, and thrash
the NFS server.

The permission denied comes because the script runs as root, and the uid
will be squashed. Presumably this NFS server is not world readable.

My (quick) fix was to patch checksecurity thus:

--- /home/and1000/t/foo	Sun Jun  2 12:58:08 1996
+++ /usr/sbin/checksecurity	Sun Jun  2 12:58:11 1996
@@ -11,7 +11,7 @@
 umask 077
 cd /

-find `mount | grep -vE ' type (proc|msdos|iso9660) |^/dev/fd| on /mnt' \
+find `mount | grep -vE ' type (proc|msdos|iso9660|nfs) |^/dev/fd| on /mnt' \
 	| cut -d ' ' -f 3` \
      -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
   | sort >$TMP

However, it is possible that you may want to check some NFS server. A
better test would be to ignore nfs servers mounted read only.


Reply to: