https://bugzilla.novell.com/show_bug.cgi?id=251280 Summary: Over-secure (non-documented) permissions for at(1) and crontab(1) commands Product: openSUSE 10.2 Version: Final Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Ulrich.Windl@rz.uni-regensburg.de QAContact: qa@suse.de On a system where PERMISSION_SECURITY was set to "secure", a user cannot execute the at(1) command because of a "Permission denied" on /usr/bin/at. The following problems exist: 1) The manual does not document any magic about the "trusted" group /usr/bin/at belongs to. The user can execute /usr/bin/at if he/she is member of that group. 2) Permissions for the "secure" case seem somewhat over-secure if the files "/etc/at.allow" and "/etc/at.deny" are still used for access control: "grep /usr/bin/at /etc/permissions*" basically outputs: /etc/permissions.easy:/usr/bin/at root:trusted 4755 /etc/permissions.paranoid:/usr/bin/at root:trusted 0755 /etc/permissions.secure:/usr/bin/at root:trusted 4750 3) If the user is imported from YP/NIS, it's more difficult to grant access, as the group "trusted" may not exist on the YP/NIS master server (thinking about a multi-OS environment) There's the same problem again for /usr/bin/crontab. I'd prefer allowing the user to use at(1) over seeing some ugly user scripts running sleep(1) in a background process... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.