Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!cwjcc!hal!ncoast!allbery
From: allbery@ncoast.ORG (Brandon S. Allbery)
Newsgroups: comp.unix.questions
Subject: Re: at files and permissions
Message-ID: <13810@ncoast.ORG>
Date: 9 Jul 89 15:42:40 GMT
References: <1894@cbnewsh.ATT.COM> <669@lzaz.ATT.COM> <13809@ncoast.ORG>
Reply-To: allbery@ncoast.ORG (Brandon S. Allbery)
Followup-To: comp.unix.questions
Distribution: na
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 25

As quoted from <13809@ncoast.ORG> by allbery@ncoast.ORG (Brandon S. Allbery):
+---------------
| As quoted from <669@lzaz.ATT.COM> by hutch@lzaz.ATT.COM (R.HUTCHISON):
| +---------------
| | About "at" requiring "root" permission, I guess it needs it to write
| | into the "atjobs" directory.
| +---------------
| 
| at needs root permissions so it can setuid() itself to the owner of the at
| job file, so it can execute the job as the user who submitted it.
+---------------

Whoops!  Open mouth, insert foot....  ;-) The run-jobs side of "at" needs root
for that -- but the run-jobs side is cron.  "at" needs root permissions to
write to /usr/lib/cron/FIFO and thereby notify cron that something has
changed.  (FIFO is writable only be root, again for security reasons.)

Gotta stop posting news before my first cup of coffee in the morning ;-)

++Brandon
-- 
Brandon S. Allbery, moderator of comp.sources.misc	     allbery@ncoast.org
uunet!hal.cwru.edu!ncoast!allbery		    ncoast!allbery@hal.cwru.edu
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>
NCoast Public Access UN*X - (216) 781-6201, 300/1200/2400 baud, login: makeuser