This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Pb with permissions on crontab


Corinna Vinschen <corinna-cygwin@cygwin.com> writes:

> On Mar  2 09:42, Julien Gilles wrote:
>> Julien Gilles <jgilles@glmultimedia.com> writes:
>> > I'm playing with cron, and I have the following problem: I want to
>> > modify the crontab through a service (a cgi in an apache server in
>> > fact). This service belongs to the user SYSTEM, so I used "crontab -u
>> > Administrator file" to set the Administrator's crontab (in a perl cgi
>> > script).
>> 
>> As I got no answer to my email, I suppose that I perhaps chose the
>> wrong mailing list. Should I contact directly the cygwin maintainer of
>
> No.  The right place is here.
>
> Did you read the comment right before the chown command?  Your patch
> is rather intrusive.  It looks as if it will work only for privileged
> accounts now.  Since you're using crontab from a shell script anyway,
> I don't see why you couldn't use chown or setfacl in the same script
> after calling crontab.

Of course, I can use chown in a script, but I think it's cron's job to
correctly set permissions and ownership. 

See the following examples (with the official crontab):

- A new crontab for a user created with -u (e.g. SYSTEM runs crontab):

SYSTEM@hal /
$ crontab -u Administrateur -e
no crontab for Administrateur - using an empty one
crontab: installing new crontab

SYSTEM@hal /
$ ls -l  /var/cron/tabs/Administrateur
-rw-------    1 SYSTEM   SYSTEM        194 Mar  2 13:26 /var/cron/tabs/Administrateur

And of course:

Administrateur@hal ~
$ crontab -e
tabs/Administrateur: Permission denied

- If the user's crontab already exists (i.e. created with crontab -e by
  the user):

Administrateur@glmsatadmin ~
$ ls -lFa /var/cron/tabs/Administrateur 
-rw-r-----    1 Administ SYSTEM        194 Mar  2 13:28 /var/cron/tabs/Administrateur

SYSTEM@glmsatadmin /
$ crontab -u Administrateur -e
crontab: installing new crontab
crontab: error renaming tabs/tmp.002368 to tabs/Administrateur
rename: Permission denied
crontab: edits left in /tmp/crontab.2368

The correct behaviour should be to allow SYSTEM to edit a user's
crontab, and to allow the user to edit his crontab without having to
worry about the permissions in /var/cron/tabs/.

I understand the comment right before the chown command as: "we have
to set the group to SYSTEM to allow SYSTEM to read the file; cron is
a service, and has SYSTEM rights".

But here it's another problem: the user SYSTEM should be able to
write the file, without changing ownership (as under UNIX).

I tried to set permissions to 660 for the crontab, but crontab failed
again on "rename: Permission denied". It's strange, read and write
permissions are not enough to modify a file (?) That's why I force the
ownership to ROOT_UID, modify the crontab, and then give it back to
the user.


-- 
Julien Gilles.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

