Xref: utzoo comp.unix.questions:9807 comp.unix.wizards:11812
Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!uwvax!umn-d-ub!umn-cs!randy
From: randy@umn-cs.CS.UMN.EDU (Randy Orrison)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Why does a shell script fail in crontab?
Message-ID: <9635@umn-cs.CS.UMN.EDU>
Date: 19 Oct 88 15:27:20 GMT
References: <287@lakart.UUCP>
Reply-To: randy@umn-cs.UUCP (Randy Orrison)
Organization: Chemical Computer Thinking Battery, St. Paul, MN
Lines: 18

In article <287@lakart.UUCP> dg@lakart.UUCP (David Goodenough) writes:
|0 7 * * *	root	/usr/local/dopath
		^^^^
|Note: this is a setuid
|root shell script - yes I am aware of the possible security leak, 

My question is: WHY is this a setuid shell script?  As set in your
crontab, it's executed by root, so there's no reason I can see to have
it setuid also.  In a situation like yours (only two users, both
trusted) I can see that it wouldn't be too much of a worry, but to do
it for no reason is just plain silly.

	-randy
--
Randy Orrison, Chemical Computer Thinking Battery  --  randy@cctb.mn.org
(aka randy@{ux.acss.umn.edu, umn-cs.uucp, umnacca.bitnet, halcdc.uucp})

		"So many bits, so few cycles."