Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cuae2!ihnp4!houxm!hropus!jrw
From: jrw@hropus.UUCP (Jim Webb)
Newsgroups: net.unix-wizards
Subject: Re: Cron questions
Message-ID: <705@hropus.UUCP>
Date: Fri, 3-Oct-86 13:33:45 EDT
Article-I.D.: hropus.705
Posted: Fri Oct 3 13:33:45 1986
Date-Received: Sat, 4-Oct-86 12:24:40 EDT
References: <6300012@wvlpdp>
Organization: Bell Labs, Holmdel, NJ
Lines: 50

> What are people's favorite way to have cron do things as certain
> users.
> Does a "best" method exist?
>
> I have seen things like:
>
>	30 * * * * /bin/su foo < a/shell.script

YUK! Ooops, he wants politeness :-)

> but does this work if user foo has a password?

Under System V (before Release 2) cron ran as root, so no passwd was needed.
It is much nicer to do it like so:

	30 * * * * /bin/su person -c "whatever"

If you use the dash option, the /etc/profile and ~person/.profile will be
read (at least with the assumption that the Bourne shell is used). Then,
you do not need to worry that this "whatever" is going to be a security
problem.

[Under SVR2 cron is still run as root, but individual crontabs are used,
so the user id is set to the specific user before the commands are run]

>
> One method I have thought of is to have cron start a set uid program
> that checks if the user is root or the owner of cron.

Are you a Berkeley site? We SVR-er's always have cron running as root.

> The program then examines the first line of a shell script to obtain
> the user-id to set before fork/exec'ing /bin/sh to run the shell script.
> What, if anything, does this do to security etc.
>
> Sample script:
> # uidhere
> function of shell script
>
> end script

First off, sometimes people want binaries run from cron, and secondly,
you would have to make sure root owned the file as well as all directories
leading to it and that the perms are set to read-only, otherwise, this
first line could be easily changed.

> Polite E-mail responses welcomed.

:-)
--
Jim Webb             "Out of phase--get help"          ...!ihnp4!hropus!jrw
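
The ownership and permission check the reply asks for (root owns the script and every directory leading to it, and none of them is writable by anyone else), as an added example that is not part of the original post. The function names, the `owner` parameter and the refusal of symlinks are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* One path component passes if `owner` owns it and neither group nor
 * other may write to it. Symlinks are refused, a conservative choice
 * made for this example. Names here are the example's own. */
static int component_ok(const struct stat *st, uid_t owner)
{
    if (S_ISLNK(st->st_mode))
        return 0;
    if (st->st_uid != owner)
        return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Walk an absolute path from "/" down to the last component and apply
 * component_ok() to every prefix; return 1 only if all of them pass.
 * This is check-then-use: a real wrapper should also open the script
 * and fstat() the descriptor it actually reads from. */
int path_chain_ok(const char *path, uid_t owner)
{
    char buf[4096];
    struct stat st;
    size_t len = strlen(path);
    size_t i;

    if (path[0] != '/' || len >= sizeof buf)
        return 0;                    /* relative, or too long to check */
    memcpy(buf, path, len + 1);

    if (lstat("/", &st) != 0 || !component_ok(&st, owner))
        return 0;
    for (i = 1; i <= len; i++) {
        if (buf[i] != '/' && buf[i] != '\0')
            continue;
        if (buf[i - 1] == '/')
            continue;                /* empty component: "//" or trailing "/" */
        char saved = buf[i];
        buf[i] = '\0';               /* cut the path at this prefix */
        int ok = lstat(buf, &st) == 0 && component_ok(&st, owner);
        buf[i] = saved;
        if (!ok)
            return 0;
    }
    return 1;
}
```

A wrapper would call `path_chain_ok(script, 0)` before reading the user-id line and refuse to run the script when it returns 0.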