Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!pasteur!ucbvax!decwrl!labrea!Portia!forel!karish From: karish@forel.stanford.edu (Chuck Karish) Newsgroups: comp.mail.uucp Subject: Re: su uucp in crontabs/root ? Keywords: root uucp crontab su Message-ID: <1952@Portia.Stanford.EDU> Date: 1 May 89 02:16:37 GMT References: <75@norsat.UUCP> <2008@egvideo.UUCP> <1951@Portia.Stanford.EDU> Sender: USENET News System Reply-To: karish@forel.stanford.edu (Chuck Karish) Distribution: na Organization: Mindcraft, Inc. Lines: 22 In article <2008@egvideo.UUCP> edhew@egvideo.UUCP (Ed Hew) wrote: >In article <75@norsat.UUCP> dave@norsat.UUCP (Dave Binette) writes: >>Our SCO XENIX 2.3.1 installation of usenet news suggests installing lines >>such as 9,39 * * * * ulimit 5000; /bin/su -c "/usr/lib/uucp/uu... >> >>Can anyone tell me why this 'su' is neccessary? > >Without any research or certainty, I will hazard a guess that many sites >would have restricted fileperms on some if not all of the files accessed >by these crontabs entries, hence the need for a bit more power via the su >command. I know that's the case here on my site. But 'su' will fail unless the command is already being run with root privilege! As written above, the '/bin/su -c' is redundant. It probably should be '/bin/su uucp -c...'. It's common to use sych a construction as a security precaution. If someone manages to cause uux or uucico or some such to do something naughty, it will be done with uucp's privileges rather than with root's. Chuck Karish {decwrl,hpda}!mindcrf!karish (415) 493-7277 karish@forel.stanford.edu