Richard Creighton wrote:
Out of curiosity Glen, (showing my total ignorance here) how does this set a UID assuming this is the problem? .... and why would it work from /etc/crontab but not from the crontab in /root which you edit by crontab -e -u root? That last one, executes everything except iptables from what I can tell as I can have it create, delete, move files, etc., but from within the root crontab, iptables is just ignored, logged, but ignored. The one in /etc/crontab that is normally used to launch the hourly, daily, weekly...etc. scripts does work I find out through experimentation...same cron, same script, same 'user' (root), just have to use the system crontab for this one program. Other programs execute fine from root's private crontab....go figure...
Hi Richard - I don't know if this is true in the current kernel, or if this is even done anymore, but in the past processes could run with a "real UID" and an "effective UID", which could be different. And processes started from cron as root were actually started with *NO* effective UID, meaning that they ran with a real UID of root, but an effective UID of "NOLUID". So this would let them do *some* things as root, but kernel-related things would be denied because an effective UID hadn't been set.

Hmm... looks like they do at least still use multiple UIDs - see man setreuid (section 2) for a synopsis. Ahh! Check out "man capabilities" (section 7) - which explains this in more detail!

I don't pretend to understand all the details of why this was done, or how it worked, or if it's even still done - you're not the only one who feels ignorant! - it was just something that came to mind when I read over your problem, so I thought I'd mention it as a possibility. :-)

Glen
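
Added example, not part of either message: a shell diagnostic for testing the real/effective UID and capabilities idea raised in the reply, by reporting what a cron-launched shell actually runs with. It assumes a Linux /proc filesystem; the function names are illustrative, and the two capability bits checked are the network ones (CAP_NET_ADMIN covers firewall administration per capabilities(7)).

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Function names are illustrative.
# Parses /proc/<pid>/status-format text: "Uid:" lists real, effective,
# saved and filesystem UIDs; "CapEff:" is the effective capability mask in hex.

# Bit numbers from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# has_cap HEXMASK BIT: succeed if BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# summarize_status: read status text on stdin, print a one-line summary.
summarize_status() {
    ruid=unknown euid=unknown capeff=
    while read -r key a b rest; do
        case "$key" in
            Uid:)    ruid=$a; euid=$b ;;
            CapEff:) capeff=$a ;;
        esac
    done
    if [ -z "$capeff" ]; then
        echo "ruid=$ruid euid=$euid CapEff=unknown"
        return 0
    fi
    if has_cap "$capeff" "$CAP_NET_ADMIN"; then na=yes; else na=no; fi
    if has_cap "$capeff" "$CAP_NET_RAW"; then nr=yes; else nr=no; fi
    echo "ruid=$ruid euid=$euid CapEff=$capeff net_admin=$na net_raw=$nr"
}

# Report on the current shell, which inherits its credentials from cron.
if [ -r /proc/self/status ]; then
    summarize_status < /proc/self/status
fi
```

Running the same script from the /etc/crontab entry and from the crontab -e entry, with output redirected to a file, gives two lines to compare; identical lines mean the two jobs do not differ in UIDs or capabilities.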