home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!dtix!darwin.sura.net!ukma!rutgers!psinntp!psinntp!cubetech.com!imladris!andrew
- From: andrew@cubetech.com (Andrew Loewenstern)
- Newsgroups: comp.sys.next.sysadmin
- Subject: Re: Is cron going to get better?
- Message-ID: <1992Jul21.084021.20881@cubetech.com>
- Date: 21 Jul 92 08:40:21 GMT
- References: <1992Jul18.172701.3216@fishbone.uucp> <1992Jul20.033852.14325@cubetech.com> <CKD.92Jul20100637@loiosh.eff.org>
- Organization: Cube Technologies, Inc.
- Lines: 29
-
- In article <CKD.92Jul20100637@loiosh.eff.org> ckd@eff.org (Christopher Davis) writes:
- >Andrew> == Andrew Loewenstern <andrew@cubetech.com>
- >
- > Andrew> The crontab files can be owned by any user or group since the
- > Andrew> cron process runs as root. I just checked my crontab.local and
- > Andrew> it's owned by andrew.other (oops) and cron doesn't seem to
- > Andrew> mind. Just create a group for the people who will be
- > Andrew> administering the crontab files, add those people to that
- > Andrew> group, and chown the files as root.groupname and set the
- > Andrew> permissions appropriately.
- >
- >Hey, what a deal! Now everyone in this group can trivially become root.
- >Better make sure they all have really good passwords, nothing bogus in
- >.rhosts, etc.
- >
- >This is *not* a particularly good idea if you have any security worries
- >(like, say, you're hooked up to the Internet, in a public lab, or the
- >like) and it's probably not that much tougher to port the Vixie cron.
-
- While the solution I presented would be just fine for most situations
- where the machines are not accessable from the outside, it was
- certainly not to be interpreted as the end-all-be-all solution.
-
-
- andrew
- --
- andrew@cubetech.com
- Andrew Loewenstern | "If I am not for myself, who will be for me?
- Cube Technologies, Inc. | If I am only for myself, who am I?" -Hillel
-