We have recently spotted that the behaviour of the cronie daemon has changed and it breaks cron for our users with AFS home directories. The change in question is:
https://bugzilla.redhat.com/show_bug.cgi?id=697485 In EL6 the code change is in patch cronie-1.4.4-popen697485.patch which was applied in 1.4.4-9.el6 to add a call to the cron_change_user_permanently function which does a setreuid call to drop privileges. This is clearly necessary but there is a (probably unintended) side-effect which is that access is denied whenever the home directory in the passwd file is inaccessible (in our case due to a lack of Kerberos ticket and AFS tokens). We have always worked around this inaccessible home directory problem for AFS users by setting the HOME environment variable in the crontab to a directory in the local filesystem (e.g. /tmp), that strategy works fine with version 1.4.4-7.el6 which does not contain the patch. This is really just a note that it might affect other sites in the same way, if anyone knows people at Redhat to poke to get an improved version of the patch, that would be great. Regards, Stephen Quinney
