allowing users to run crontab

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevrontexaco.com
Wed Jul 30 15:00:03 EDT 2003


User1 is editing only his own crontab?  If so, you don't need sudo for
that.

Just 'crontab -e' logged in as that user will edit his own crontab.

For other security related stuff, man cron.allow and cron.deny to
include/exclude users from using cron.

Eric

-----Original Message-----
From: Mike Bethune [mailto:Mike.Bethune at fusepoint.com] 
Sent: Wednesday, July 30, 2003 1:16 PM
To: sudo-users at sudo.ws
Subject: allowing users to run crontab


Hello,

I would like to use sudo to allow crontab usage for some users as below:
Cmnd_Alias USER1CRON = /usr/bin/crontab -u user1 /home/user1/crontab,
/usr/bin/crontab -u user1 -r, /usr/bin/crontab -u user1 -l

but I realize that user1 could simply create a link from his
/home/user1/crontab to say /var/spool/crontab/root (or any other file),
and so end up reading this file with root privileges.  If the file he
sym links to isn't a valid crontab then he'll see an error that quotes a
(small?) part of the file that isn't in valid crontab format.

Can someone tell me how I could fix this (without allowing them to run
crontab directly :). Thanks,

Mike

____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users





More information about the sudo-users mailing list