On Wed, Aug 21, 2002 at 06:39:55PM -0500, Steve Greenland wrote:
> On 21-Aug-02, 15:10 (CDT), Marc Singer <[EMAIL PROTECTED]> wrote:
> > It would help to have an example.
>
> I could have sworn I had a footnote about /etc/cron.allow, with a
> reference to the appropriate manpage :-). Okay, it's not the *best*
> example, because I don't actually ship a cron.allow, but the point is
> there: A missing cron.allow permits everybody to use crontab, while an
> empty cron.allow forbids use of crontab by anybody (except root, of
> course).

It does appear that there are a couple of good examples. In fact, this is not one of them since what you ought to ship is a cron.allow that blocks everything, right? That way the default behavior is obvious to someone browsing the configuration.

As far as I can tell, there aren't many 'dangerous' examples. A package may install a crontab file in cron.d that is deleted by the user. Apparently, apache2 performs directory scanning for configuration files, too. Examples such as BASH are definitely *not* dangerous since the default file contains a single, innocuous directive.

As I wrote in another message, given that there is an override switch in dpkg, that switch would be helpful if available in apt-get.
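
The missing-versus-empty cron.allow distinction discussed in this thread, as an added example that is not part of either message: a hypothetical `crontab_access` shell function that reports whether a user may use crontab. The precedence of cron.allow over cron.deny follows crontab(1); the optional directory argument is an assumption added so the check can be pointed at a copy of /etc.

```shell
#!/bin/sh
# Added example: classify crontab access for a user from the state of
# cron.allow / cron.deny in a given directory (default /etc).
# Precedence follows crontab(1); the "no cron.allow" result follows the
# behaviour stated in the thread (a missing cron.allow permits everybody).

# crontab_access USER [DIR]
# Prints "allowed: <reason>" (exit 0) or "denied: <reason>" (exit 1).
crontab_access() {
    user=$1
    dir=${2:-/etc}
    allow=$dir/cron.allow
    deny=$dir/cron.deny

    # root is always permitted, whatever the files say.
    if [ "$user" = root ]; then
        echo "allowed: root"
        return 0
    fi

    if [ -e "$allow" ]; then
        # An existing cron.allow is an exhaustive list: empty means nobody.
        if grep -qxF -- "$user" "$allow"; then
            echo "allowed: listed in cron.allow"
            return 0
        fi
        if [ -s "$allow" ]; then
            echo "denied: not listed in cron.allow"
        else
            echo "denied: cron.allow is empty"
        fi
        return 1
    fi

    # cron.deny is consulted only when cron.allow does not exist.
    if [ -e "$deny" ] && grep -qxF -- "$user" "$deny"; then
        echo "denied: listed in cron.deny"
        return 1
    fi

    echo "allowed: no cron.allow present"
    return 0
}
```

After sourcing the file, `crontab_access alice` checks the live /etc, which makes a deleted cron.allow distinguishable from an emptied one during a configuration audit.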