Package: cron Version: 3.0pl1-127 Severity: wishlist Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** Hello, If you add the option ProtectSystem=yes to the service file, then the daemon will not have the ability to write to /usr. There is no reason why it needs to write there, so enabling this option should not cause any problems. This option is one of the systemd security features for systemd service files that was detailed in a talk[0] given by Lennart which details various security features you can enable in your package's service files. micah [0] http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm -- Package-specific info: --- EDITOR: not set --- /usr/bin/editor: /bin/nano --- /usr/bin/crontab: -rwxr-sr-x 1 root crontab 36008 Oct 25 18:04 /usr/bin/crontab --- /var/spool/cron: drwxr-xr-x 5 root root 4096 Sep 21 21:30 /var/spool/cron --- /var/spool/cron/crontabs: drwx-wx--T 2 root crontab 4096 Oct 5 22:20 /var/spool/cron/crontabs --- /etc/cron.d: drwxr-xr-x 2 root root 4096 Nov 25 10:52 /etc/cron.d --- /etc/cron.daily: drwxr-xr-x 2 root root 4096 Nov 29 15:56 /etc/cron.daily --- /etc/cron.hourly: drwxr-xr-x 2 root root 4096 Oct 26 23:40 /etc/cron.hourly --- /etc/cron.monthly: drwxr-xr-x 2 root root 4096 Oct 26 23:40 /etc/cron.monthly --- /etc/cron.weekly: drwxr-xr-x 2 root root 4096 Nov 25 10:52 /etc/cron.weekly -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cron depends on: ii adduser 3.113+nmu3 ii debianutils 4.4+b1 ii dpkg 1.17.22 ii init-system-helpers 1.22 ii libc6 2.19-13 ii libpam-runtime 1.1.8-3.1 ii libpam0g 1.1.8-3.1 ii libselinux1 2.3-2 ii lsb-base 4.1+Debian13+nmu1 Versions of packages cron recommends: ii postfix [mail-transport-agent] 2.11.3-1 Versions of packages cron suggests: ii anacron 2.3-22 pn checksecurity <none> ii logrotate 3.8.7-1+b1 Versions of packages cron is related to: pn libnss-ldap <none> pn libnss-ldapd <none> pn libpam-ldap <none> pn libpam-mount <none> pn nis <none> pn nscd <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org