one point I can make is that if a script thats run as root has some kind
of "error" (by that I mean that it does something not intended) the
damage can be severe (for example and yes this is a extreme example)
your cron job's "job" is to clean up directories directory
/data/archive (for example)
but something happens and it gets the path / instead of /data/archive
well as root you will wipe out the entire system, whereas a non root
user you will not (or should not if your system is setup correctly)
delete any OS files and while yes you may have to reinstall your data
the OS itself should be fine
like i said, I know this is an extreme example, it gives you an idea
why a lot of system adman's only run as root cron jobs that HAVE to be
run as root (i.e. requires root privileges BUT even this is discouraged
as there are tons of programs that let processes run as root for certain
commands ONLY (sudo for example))
now I suppose that you can argue if a program is ONLY generating reports
or such that there is no danger BUT one additional thing to keep in
mind is that if someone were to hack into your system and replace your
report only program with say a program to change root's passed or modify
some network setting, turn off your firewall, etc ......
you have given them a way to run commands as root without having to know
the root passed, whereas if it was run by a user they can do no more
damage than the user could do
once again an extreme example but I hope that I at least gave you some
ideas why its not always a good idea to ruin commands as root from cron
(or any other place where its not absolutely required)
dougc
[EMAIL PROTECTED] wrote:
Ditto for me.
When you come into a situation and 'we've always done it that way' is the
phrase explaining 'why' it's nice to have good information to make a case
to make a change.
Thanks,
Karl
<quote who="Jerry Banker">
John,
You've said this before. Could you elaborate a little more on this? We
run many tasks on cron as root and have never had any problems both with
Solaris and Linux.
Jerry
-----Original Message-----
From: John Jenkins [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 11, 2007 6:19 PM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] Error code 2
Karl
I can't see enough from your posting, but if you are running UniVerse
foreground processes from crontab as root then please don't....
especially
AIX.
Change to a non-root crontab
Regards
JayJay
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 11 July 2007 15:07
To: u2-users@listserver.u2ug.org
Subject: [U2] Error code 2
The following cron response came to me at 2:30pm in the day. We have
programs that run at various times, but this is the first time I've seen
this. What are the probable causes? TIA, Karl
***************** BEGIN CRON EMAIL ********************
1537 record(s) selected to SELECT list #0.
A fatal error has occurred in UniVerse.
Unable to re-open operating system file ""
Error code 2
*****************************************************************
cron: The previous message is the standard output
and standard error of one of the cron commands.
**************** END CRON EMAIL ********************
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
--
When you are SURE that everything in your program is correct
AND your program STILL DOES NOT work, one thing you can be
sure of is that something you are sure of is wrong
- unknown
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
