Generally, user crontabs are only visible by the owner.
Ok, from now on [1], systemd-cron do it's best to keep those secret:
-) the crontab line is not anymore in the job description
-) chmod o-r /run/systemd/generator/cron-user-user-#.(timer|service)
systemctl status is fixed ; and a ordinary
Package: systemd-cron
Version: 1.3.1+ds1-1
Severity: minor
Generally, crontabs are only visible by the owner.
After #766053 gets fixed, the issue still remains in the sense that the
generated units/timers (coming from crontabs) have root:root 644 permissions,
which are readable by everyone.
The current status of /var/spool/cron/crontabs is undetermined ...
users either inherit what was setup up by the previosu cron daemon or
get a vanilla 0755 folder
on fresh install.
e.g.: http://anonscm.debian.org/cgit/pkg-cron/pkg-cron.git/tree/debian/postinst
Having crontab translate on the fly
On 11/03/2014 12:43 PM, Alexandre Detiste wrote:
The current status of /var/spool/cron/crontabs is undetermined ...
users either inherit what was setup up by the previosu cron daemon or
get a vanilla 0755 folder
on fresh install.
e.g.:
On 11/03/2014 12:48 PM, Yuri D'Elia wrote:
e.g.:
http://anonscm.debian.org/cgit/pkg-cron/pkg-cron.git/tree/debian/postinst
Having crontab translate on the fly user crontabs into ~/.config/systemd/user
service timers (systemd --user) would avoid all these security problems.
This need a
5 matches
Mail list logo
