Hi list! SuSe 9.0 pro with file settings secure. I want an normal user to be able to use crontab in order put cronjobs in place. If the users tries to install a crontab using crontab -e he gets an /usr/bin/crontab permission denied. If I have a look on the file permissions this behavior is correct: -rwsr-x--- 1 root trusted 22812 Sep 23 2003 /usr/bin/crontab First I thought about putting the user in the group trusted but the it has the rights to execute gpasswd. Next step I set the x-bit for other on /usr/bin/crontab. No the user can use the crontab. But when I make a reboot of the system the permission is chnaged to -rwsr-x--- automatically. I think this is a result of the file permission safe setting in yast. But when root changes a permission I do not want the OS to undo my changes. Any ideas? Regards Daniel
Hi Daniel, read my replies inline... Hollweg, Daniel wrote:
Hi list!
SuSe 9.0 pro with file settings secure. I want an normal user to be able to use crontab in order put cronjobs in place. If the users tries to install a crontab using crontab -e he gets an /usr/bin/crontab permission denied. If I have a look on the file permissions this behavior is correct:
-rwsr-x--- 1 root trusted 22812 Sep 23 2003 /usr/bin/crontab
[ snip ] what are the contents of /var/spool/cron/deny /var/spool/cron/allow Martin
On Thu, 2004-04-01 at 05:17, Hollweg, Daniel wrote:
Hi list!
SuSe 9.0 pro with file settings secure. I want an normal user to be able to use crontab in order put cronjobs in place. If the users tries to install a crontab using crontab -e he gets an /usr/bin/crontab permission denied. If I have a look on the file permissions this behavior is correct:
-rwsr-x--- 1 root trusted 22812 Sep 23 2003 /usr/bin/crontab
First I thought about putting the user in the group trusted but the it has the rights to execute gpasswd.
Next step I set the x-bit for other on /usr/bin/crontab. No the user can use the crontab. But when I make a reboot of the system the permission is chnaged to -rwsr-x--- automatically.
I think this is a result of the file permission safe setting in yast. But when root changes a permission I do not want the OS to undo my changes.
Any ideas? Regards Daniel
The files /var/spool/cron/allow and /var/spool/cron/deny can control who has the ability to create crontab files. Do a man crontab for further help. -- Ken Schneider unix user since 1989 linux user since 1994 SuSE user since 1998 (6.2)
On Thursday 01 April 2004 12.17, Hollweg, Daniel wrote:
I think this is a result of the file permission safe setting in yast. But when root changes a permission I do not want the OS to undo my changes.
in /etc/permissions.local, add /usr/bin/crontab root:trusted 4755 Note the warning you got when you selected permissions secure (or paranoid). The system will be very locked down and you will have to enable features manually
On 2004-04-01 12:17, "Hollweg, Daniel" wrote:
I think this is a result of the file permission safe setting in yast. But when root changes a permission I do not want the OS to undo my changes.
As you choosed "permissions safe" you asked the system to change the permissions for you. If you need to change those settings, you have to edit "/etc/permissions.local" (recomended). It is also possible to change that behaviour to "warn" instead of "force" - in file /etc/sysconfig/security: CHECK_PERMISSIONS="set" # set or warn or no -- Cheers, Carlos Robinson
participants (5)
-
Anders Johansson -
Carlos E. R. -
Hollweg, Daniel -
Kenneth Schneider -
Martin Mielke