Re: [gentoo-user] cron and crontab
First, try paragraphs! On Thursday 21 August 2003 13:51, Scott Jones wrote: > I never really have used cron but lately i have been trying to. I was > trying to get it to check my email hourly by putting an entry into the > cron.hourly directory. Well suffice to say it did not work. So i deleted > the file and The /etc/cron.[daily,hourly,monthly,weekly] directories are use for system administrative stuff by convention. However, it should work anyway. > next i was trying to use crontab from my local user. I could > not so after much google searching I made a cron.allow file and added my > user to it. This still didnt work. I added my users name into the cron > entry in my /etc/groups file. Still no dice. To use cron as an unpriveleged user, that user must be in the cron group in /etc/group. Once that is done, logout and login again to update permissions, after which you can run "crontab -e" to edit your cron jobs. I think it's insane, but group membership only seems to be read at logon time. (somebody please correct me and/or tell me how to make it *always* read /etc/group!) The format for crontab can be found by running "man 5 crontab". > Finally i went and modifed > the privledges onthe executable now i can use crontab as a normal user, but > after more searching i found that there is a buffer overflow attack which > can allow a non root user to get root privledges. I am the only user of my > system so i am not to worried but i was wondering if someone more > knowledgeable could tell me if what i am doing is silly. I haven't touched the permissions on my /usr/bin/crontab or /usr/sbin/cron. The info you found on the buffer flow overflow should have been tied to specific version(s). Did you check if the version you have is vulnerable? I imagine it probably is not. Either way, the default permissions seem fine. > Should i just > figure a way to do everything i want to do with cron from root. I > personally am leaning toward figuring a way to do it just with root, > because i figure there is a reason why cron and crontab were installed with > the permissions they had. Your feedback is appreciated. I suggest re-emerging vcron (or whichever cron you're using), confirming you have correct permissions on /var/spool/cron/crontabs/* or perhaps just removing the /var/spool/cron directory before re-emerging vcron, and then using "crontab -e" to edit cron settings. Also, read "man 1 crontab" and 'man 1 cron'. Regards, Jason -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cron and crontab
Your '/usr/bin/crontab' should be owned by 'root:cron' with permissions '-rwxr-x---' Any unpriviledged user that shall use 'crontab' must belong to the 'cron' group. Login as an unpriviledged user and type 'crontab -l' to list your current entries. If that tells you your crontab is empty, everything is fine. You just create (edit) your private crontab with 'crontab -e'. If this doesn't work, please send copies of your permissions and any error messages. Gus Scott Jones <[EMAIL PROTECTED]> "I added my users name into the cron entry in my /etc/groups file. Still no dice." -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cron and crontab
On Thursday 21 August 2003 15:48, [EMAIL PROTECTED] wrote: > Your > > '/usr/bin/crontab' should be owned by 'root:cron' with permissions > '-rwxr-x---' Hmmm, mine (which I haven't changed) has permission -rwsr-x--- and owned by root:cron. Checking /var/spool/cron/crontabs/*, I find they have permissions -rw--- and are owned by root:. Seems to me this is partially done to protect the user from directly editing /var/spool/cron/crontabs/ which then of course would not take effect until crond was restarted. Are you certain of what you wrote above? Regards, Jason -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cron and crontab
I had a look at this yesterday evening. I will double check tonight. (Unfortunately, I find myself in front of M$ products all day long.) Gus Jason Stubbs <[EMAIL PROTECTED]To: [EMAIL PROTECTED] ndnews.com>cc: (bcc: Gustav Schaffter/CDS/CG/CAPITAL) Subject: Re: [gentoo-user] cron and crontab 21-08-2003 09:04 Please respond to gentoo-user On Thursday 21 August 2003 15:48, [EMAIL PROTECTED] wrote: > Your > > '/usr/bin/crontab' should be owned by 'root:cron' with permissions > '-rwxr-x---' Hmmm, mine (which I haven't changed) has permission -rwsr-x--- and owned by root:cron. Checking /var/spool/cron/crontabs/*, I find they have permissions -rw--- and are owned by root:. Seems to me this is partially done to protect the user from directly editing /var/spool/cron/crontabs/ which then of course would not take effect until crond was restarted. Are you certain of what you wrote above? Regards, Jason -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cron and crontab
On Thu, 21 Aug 2003 15:00:06 +0900 Jason Stubbs <[EMAIL PROTECTED]> wrote: > To use cron as an unpriveleged user, that user must be in the cron group in > /etc/group. Once that is done, logout and login again to update permissions, > after which you can run "crontab -e" to edit your cron jobs. I think it's > insane, but group membership only seems to be read at logon time. (somebody > please correct me and/or tell me how to make it *always* read /etc/group!) hi, it's kind of silly but you could do: % sg cron -c 'crontab -e' from the current shell after being added to cron group. that prevents a logout at least. or "newgrp cron", too. j. > > Regards, > Jason > > > -- > [EMAIL PROTECTED] mailing list > > -- [EMAIL PROTECTED] mailing list
RE: [gentoo-user] cron and crontab
Scott, > I never really have used cron but lately i have been trying to. I > was trying to get it to check my email hourly by putting an entry > into the cron.hourly directory. Well suffice to say it did not work. I'm just curious. Most email clients have a switch to check the email every so often, and you can set it to any length you want. Of course, the process has to be running. With cron it will start the email client to perform the check then close it (I assume), so you don't have it running all the time. With memory and swap space so cheap, though, I'd think that would be the easy solution. In Harmony's Way, and In A Chord, Tom :-}) Thomas A. Condon Barbershop Bass Singer Registered Linux User #154358 Interfere not in the business of Dragons, For you are crunchy when flamed and taste good. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cron and crontab
On Friday 22 August 2003 02:25, Condon Thomas A KPWA wrote: > > I never really have used cron but lately i have been trying to. I > > was trying to get it to check my email hourly by putting an entry > > into the cron.hourly directory. Well suffice to say it did not work. > > I'm just curious. Most email clients have a switch to check the email > every so often, and you can set it to any length you want. Of course, the > process has to be running. With cron it will start the email client to > perform the check then close it (I assume), so you don't have it running > all the time. With memory and swap space so cheap, though, I'd think that > would be the easy solution. I think he's talking about using fetchmail like many people do. I hate having to wait for mail to download (especially when connected via dial-up) so use fetchmail with cron to do it in the background. When I open my mail client, I tell it to get mail from /var/spool/mail/jason and, presto, it's there. Even more importantly, I'm using spamassassin which is somewhat slow (again especially when connected via dial-up) so I don't have to wait for that either. Regards, Jason -- [EMAIL PROTECTED] mailing list
