allowing users to run crontab
Mike Bethune
Mike.Bethune at fusepoint.com
Wed Jul 30 15:06:19 EDT 2003
yes I know that but I don't allow access to run the suid root binary crontab. the permissions are that only root can execute it, and I wanted to let only some users run it by using sudo...
thanks,
mike
> -----Original Message-----
> From: Ladner, Eric (Eric.Ladner)
> [mailto:Eric.Ladner at chevrontexaco.com]
> Sent: Wednesday, July 30, 2003 12:00 PM
> To: Mike Bethune; sudo-users at sudo.ws
> Subject: RE: allowing users to run crontab
>
>
> User1 is editing only his own crontab? If so, you don't need sudo for
> that.
>
> Just 'crontab -e' logged in as that user will edit his own crontab.
>
> For other security related stuff, man cron.allow and cron.deny to
> include/exclude users from using cron.
>
> Eric
>
> -----Original Message-----
> From: Mike Bethune [mailto:Mike.Bethune at fusepoint.com]
> Sent: Wednesday, July 30, 2003 1:16 PM
> To: sudo-users at sudo.ws
> Subject: allowing users to run crontab
>
>
> Hello,
>
> I would like to use sudo to allow crontab usage for some
> users as below:
> Cmnd_Alias USER1CRON = /usr/bin/crontab -u user1 /home/user1/crontab,
> /usr/bin/crontab -u user1 -r, /usr/bin/crontab -u user1 -l
>
> but I realize that user1 could simply create a link from his
> /home/user1/crontab to say /var/spool/crontab/root (or any
> other file),
> and so end up reading this file with root privileges. If the file he
> sym links to isn't a valid crontab then he'll see an error
> that quotes a
> (small?) part of the file that isn't in valid crontab format.
>
> Can someone tell me how I could fix this (without allowing them to run
> crontab directly :). Thanks,
>
> Mike
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
>
>
More information about the sudo-users
mailing list