This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Pb with permissions on crontab
Corinna Vinschen <corinna-cygwin@cygwin.com> writes:
> On Mar 2 09:42, Julien Gilles wrote:
>> Julien Gilles <jgilles@glmultimedia.com> writes:
>> > I'm playing with cron, and I have the following problem: I want to
>> > modify the crontab through a service (a cgi in an apache server in
>> > fact). This service belongs to the user SYSTEM, so I used "crontab -u
>> > Administrator file" to set the Administrator's crontab (in a perl cgi
>> > script).
>>
>> As I got no answer to my email, I suppose that I perhaps chose the
>> wrong mailing list. Should I contact directly the cygwin maintainer of
>
> No. The right place is here.
>
> Did you read the comment right before the chown command? Your patch
> is rather intrusive. It looks as if it will work only for privileged
> accounts now. Since you're using crontab from a shell script anyway,
> I don't see why you couldn't use chown or setfacl in the same script
> after calling crontab.
Of course, I can use chown in a script, but I think it's cron's job to
correctly set permissions and ownership.

See the following examples (with the official crontab):

- A new crontab for a user created with -u (e.g. SYSTEM runs crontab):

SYSTEM@hal /
$ crontab -u Administrateur -e
no crontab for Administrateur - using an empty one
crontab: installing new crontab

SYSTEM@hal /
$ ls -l /var/cron/tabs/Administrateur
-rw------- 1 SYSTEM SYSTEM 194 Mar 2 13:26 /var/cron/tabs/Administrateur

And of course:

Administrateur@hal ~
$ crontab -e
tabs/Administrateur: Permission denied

- If the user's crontab already exists (i.e. created with crontab -e by
the user):

Administrateur@glmsatadmin ~
$ ls -lFa /var/cron/tabs/Administrateur
-rw-r----- 1 Administ SYSTEM 194 Mar 2 13:28 /var/cron/tabs/Administrateur

SYSTEM@glmsatadmin /
$ crontab -u Administrateur -e
crontab: installing new crontab
crontab: error renaming tabs/tmp.002368 to tabs/Administrateur
rename: Permission denied
crontab: edits left in /tmp/crontab.2368

The correct behaviour should be to allow SYSTEM to edit a user's
crontab, and to allow the user to edit his crontab without worrying
about the permissions in /var/cron/tabs/.

I understand the comment right before the chown command as: "we have
to set the group to SYSTEM to allow SYSTEM to read the file; cron is
a service, and has SYSTEM rights".

But here it's another problem: the user SYSTEM should be able to
write the file, without changing ownership (as under UNIX).

I tried to set permissions to 660 for the crontab, but crontab failed
again on "rename: Permission denied". It's strange, read and write
permissions are not enough to modify a file (?) That's why I force the
ownership to ROOT_UID, modify the crontab, and then give it back to
the user.
--
Julien Gilles.
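
The ownership state in the first example above (a crontab named after one account but owned by another) can be found with a short audit of the tabs directory. This is an added example, not part of the thread or of cron's code; the function name audit_tabs and its output labels are assumptions, and /var/cron/tabs is the path shown in the messages.

```shell
#!/bin/sh
# Added example, not from the thread. /var/cron/tabs is the path shown in the
# thread; audit_tabs and its output labels are names chosen for illustration.

# audit_tabs [DIR]: print one line per suspicious crontab, return 1 if any.
audit_tabs() {
    dir=${1:-/var/cron/tabs}
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Skip crontab's scratch files (the thread shows tabs/tmp.002368).
        case $name in tmp.*) continue ;; esac

        # Compare numeric ids: the thread's `ls -l` output shows the owner
        # name cut to "Administ", so names are not reliable to compare.
        info=$(ls -ldn "$f" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }

        # Each crontab is named after the account it belongs to.
        want=$(id -u "$name" 2>/dev/null) || want=
        if [ -z "$want" ]; then
            echo "UNKNOWN $f: no account named $name"
            bad=1
        elif [ "$uid" != "$want" ]; then
            echo "OWNER $f: uid $uid, expected $want ($name)"
            bad=1
        fi

        # Characters 6 and 9 of the mode string are group and other write.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE $f: mode $mode"
                bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: sh audit_tabs.sh /var/cron/tabs
if [ "$#" -gt 0 ]; then audit_tabs "$1"; fi
```

Run after any script that installs crontabs with `crontab -u`, an OWNER line marks a file the named user will not be able to edit.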