Xref: utzoo comp.unix.admin:1393 alt.security:2016
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!deccrl!news.crl.dec.com!shlump.nac.dec.com!tkou02.enet.dec.com!jit345!diamond
From: diamond@jit345.swstokyo.dec.com (Norman Diamond)
Newsgroups: comp.unix.admin,alt.security
Subject: Re: cron.allow, cron.deny: what's the big deal?
Message-ID: <1991Mar25.074159.15717@tkou02.enet.dec.com>
Date: 25 Mar 91 07:41:59 GMT
References: <DANJ1.91Mar23195339@cbnewse.ATT.COM>
Sender: news@tkou02.enet.dec.com (USENET News System)
Reply-To: diamond@jit345.enet@tkou02.enet.dec.com (Norman Diamond)
Organization: Digital Equipment Corporation Japan , Tokyo
Lines: 13

In article <DANJ1.91Mar23195339@cbnewse.ATT.COM> Dan_Jacobson@ATT.COM writes:

>So what's the big security increase gained by having to ask root to
>let you use crontab?  The only cron related problem I can see is
>forgetting to remove a user's crontab and at(1) jobs when her/his
>account is deleted, e.g., at the end of the semester.  Am I just dim?

Well, when cron is denied, it is only necessary to remember to kill the
user's executing processes when his/her account is deleted.  And change
the owner of their controlling ttys or other accessed devices, etc.
--
Norman Diamond       diamond@tkov50.enet.dec.com
If this were the company's opinion, I wouldn't be allowed to post it.