[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

setgid crontab

Apropos of the recent setuid/setgid thread, and also being prodded by
Stephen Frost, I've changed crontab to be setgid 'cron' rather than
setuid 'root'. Beyond the coding (which is mostly removing setuid()
calls), this involves the following changes:

add system group 'cron'

change /var/spool/cron/crontabs from 755 root.root to 775 root.cron

change crontab files in the spool directory from 600 root.root to 600

At first glance, the only access I've added with this is that a user can
now view or edit (but not delete) her crontab file directly in the spool
directory. Since one could all that with the crontab command anyway, it
doesn't seem a big deal.

Comments, suggestions?

Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net

Reply to: