Re: setgid crontab

[Steve Greenland <steveg@moregruel.net>]

On 02-Aug-03, 17:00 (CDT), Russell Coker <russell@coker.com.au> wrote: 
> On Sun, 3 Aug 2003 05:51, Steve Greenland wrote:
> Sounds good to me.  You are not the first person to do it however, I believe 
> that Solar Designer did the same thing for OpenWall (of course when Solar 
> Designer has the same security idea as you then it's a good sign you're doing 
> the right thing).

I'd be flattered, except it wasn't my idea, I just finally got around to
doing it. :-) But I'll take a look at SD's version.

> If a user is listed in /etc/cron.deny then "crontab -l" does not work for 
> them, so if you permit them to cat the file directly then you are changing 
> the functionality, which may not be desired.

Ah, good catch. Of course, neither does 'crontab -e', but I suppose root
could have put the file their for them.

> It's easy enough to make the directory containing the files be mode 0775 to 
> solve this.

I'll assume you meant 0770? 775 and 771 don't solve the problem, and I
don't see the point of 774 over 770...

> I don't know why the directory is currently mode 0755,

It's the debian default, and I never considered the issue before, and
nobody complained. But it's easy to fix at this point.

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net