Re: setgid crontab
On 02-Aug-03, 17:00 (CDT), Russell Coker <firstname.lastname@example.org> wrote:
> On Sun, 3 Aug 2003 05:51, Steve Greenland wrote:
> Sounds good to me. You are not the first person to do it however, I believe
> that Solar Designer did the same thing for OpenWall (of course when Solar
> Designer has the same security idea as you then it's a good sign you're doing
> the right thing).
I'd be flattered, except it wasn't my idea, I just finally got around to
doing it. :-) But I'll take a look at SD's version.
> If a user is listed in /etc/cron.deny then "crontab -l" does not work for
> them, so if you permit them to cat the file directly then you are changing
> the functionality, which may not be desired.
Ah, good catch. Of course, neither does 'crontab -e', but I suppose root
could have put the file their for them.
> It's easy enough to make the directory containing the files be mode 0775 to
> solve this.
I'll assume you meant 0770? 775 and 771 don't solve the problem, and I
don't see the point of 774 over 770...
> I don't know why the directory is currently mode 0755,
It's the debian default, and I never considered the issue before, and
nobody complained. But it's easy to fix at this point.
The irony is that Bill Gates claims to be making a stable operating
system and Linus Torvalds claims to be trying to take over the
world. -- seen on the net