[gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Enrico Weigelt]

Hi folks,


I've just installed cron and wanted to edit an user's crontab
with "crontab -e". This didn't work: permission denied.

It is easy to fix, by "chmod ugo+s", but after an update,
the shit starts again ...

Smells like a bug.


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service

  phone:     +49 36207 519931         www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact@metux.de
  cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Enrico Weigelt wrote:
> I've just installed cron and wanted to edit an user's crontab
> with "crontab -e". This didn't work: permission denied.

Remember that the user must be in the cron group to be able to use cron/crontab.

- --
Arturo "Buanzo" Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar
Consultor en Seguridad Informatica - http://www.buanzo.com.ar
Genetic - A multiplatform Gentoo Portage Frontend - http://genetic.sourceforge.net
for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEmTBNAlpOsGhXcE0RAgrZAJ9+t4inis6bXZHoebPYWuEEVJtGeACeOtMO
o1BdoTJwRjmITuR/5uVQ98g=
=biao
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Alexander Skwar]

Enrico Weigelt wrote:
> Hi folks,
> 
> 
> I've just installed cron and wanted to edit an user's crontab
> with "crontab -e". This didn't work: permission denied.

Correct.

> It is easy to fix, by "chmod ugo+s", but after an update,
> the shit starts again ...

No, that's not a fix. That's a break in.

> Smells like a bug.

How do you get that idea? It rather smells, as if you haven't
done the slightest checks and it sounds as if everything is
working as intended.

Alexander Skwar
-- 
Dreams are free, but there's a small charge for alterations.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Dirk Heinrichs]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 788 bytes --]

Am Mittwoch, 21. Juni 2006 13:34 schrieb ext Enrico Weigelt:

> I've just installed cron and wanted to edit an user's crontab
> with "crontab -e". This didn't work: permission denied.

Looks quite normal.

> It is easy to fix, by "chmod ugo+s", but after an update,
> the shit starts again ...

Or by editing /etc/cron.allow (may be a different file, depending on cron 
flavour).

> Smells like a bug.

Works as designed.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Hambornerstraße 55      | Web:  http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Etaoin Shrdlu]

On Wednesday 21 June 2006 13:34, Enrico Weigelt wrote:
> Hi folks,
>
>
> I've just installed cron and wanted to edit an user's crontab
> with "crontab -e". This didn't work: permission denied.
>
> It is easy to fix, by "chmod ugo+s", but after an update,
> the shit starts again ...
>
> Smells like a bug.

More like you have to add the user to the cron grup.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Shaochun Wang]

It's a dangerous action to change a program's setuid bit!


-- 
Shaochun Wang(王绍春) <scwang@ios.ac.cn>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Alexander Skwar]

Dirk Heinrichs wrote:
> Am Mittwoch, 21. Juni 2006 13:34 schrieb ext Enrico Weigelt:

>> It is easy to fix, by "chmod ugo+s", but after an update,
>> the shit starts again ...
> 
> Or by editing /etc/cron.allow

Nah, doesn't help. Just have a look at /usr/bin/crontab.

>> Smells like a bug.
> 
> Works as designed.

Yes.

Alexander Skwar
-- 
economist, n:
	Someone who's good with figures, but doesn't have enough
	personality to become an accountant.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Enrico Weigelt]

Hi folks,


Putting the users into the cron group fixed it. 
Okay, as it should be ;-o

In all these years I never had a system which required this.

For security reasons, this is not bad, so certain users can be
both allowed to have an crontab but forbidden to edit it.

But this is quite inconvenient, if you have dozens of users and
want to allow them all to edit their crontabs.

I would prefer an more advanced crontab(1) program, which can
be executed by all, but has an finer permission config. It also
could allow more checks (ie. via external filters ?) against
the to-be-installed crontab (ie. limit the amount of jobs or
set minimum intervals for some folks).


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service

  phone:     +49 36207 519931         www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact@metux.de
  cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Dirk Heinrichs]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 535 bytes --]

Am Mittwoch, 21. Juni 2006 14:29 schrieb ext Alexander Skwar:

> > Or by editing /etc/cron.allow
>
> Nah, doesn't help. Just have a look at /usr/bin/crontab.

Yes, you're right.

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Hambornerstraße 55      | Web:  http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 442 bytes --]

On Wed, 21 Jun 2006 15:32:31 +0200, Enrico Weigelt wrote:

> But this is quite inconvenient, if you have dozens of users and
> want to allow them all to edit their crontabs.

egrep ^.*?:.*?:.*?:100: /etc/passwd | cut -d: -f1 | while read u do gpasswd -a $u cron; done

will add all users from group GID 100 (users on this system) to the cron
group.


-- 
Neil Bothwick

"Bother," said Pooh, as he was given another bad script.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Bo Ørsted Andresen]

[-- Attachment #1: Type: text/plain, Size: 438 bytes --]

On Wednesday 21 June 2006 16:20, Neil Bothwick wrote:
> egrep ^.*?:.*?:.*?:100: /etc/passwd | cut -d: -f1 | while read u do gpasswd
> -a $u cron; done
>
> will add all users from group GID 100 (users on this system) to the cron
> group.

Well...

awk -F: "\$4~/^\
`awk -F: '$1~/^users$/{print $3}' < /etc/group`\
\$/{print \$1}" < /etc/passwd | \
while read user; do
	gpasswd -a "$user" cron
done

;)

-- 
Bo Andresen

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Problem: unprivileged user cannot use /usr/bin/crontab

[Alexander Skwar]

Enrico Weigelt wrote:

> But this is quite inconvenient, if you have dozens of users and
> want to allow them all to edit their crontabs.

Why is that "inconvenient"? Just put them in the appropriate
group - where's the problem?

Alexander Skwar
-- 
Being a miner, as soon as you're too old and tired and sick and stupid to
do your job properly, you have to go, where the very opposite applies with
the judges.
		-- Beyond the Fringe
-- 
gentoo-user@gentoo.org mailing list