05-02-2012
The risk is only for restricted or chrooted accounts being able to access files the account could never access before.
The risk is the same for a user with shell access, and the same user with access to commands/files via crontab. Ditto at and batch.
For any valid shell user, accessing crontab has a greater chance of screwing things up, because the environment in cron jobs is not the same as the interactive environment. This leads to errors and bad code trashing things.
So if security is set correctly, inept crontab users mostly trash their own stuff.
So, how do you want to define security?
7 More Discussions You Might Find Interesting
1. Cybersecurity
We are trying to implement a NAS solution with UNIX servers and multiple networks, and I've heard that NFS has security issues with lockd and statd.
The security issue as it was explained to me is that these services are subject to vulnerabilities/exploits, and that users who connect to Unix... (1 Reply)
Discussion started by: onceagain
1 Replies
2. Shell Programming and Scripting
I am on AS3 Update 4 Linux
and am having an issue with an automated ftp script, I tried using the fd/sub proc method and that did not seem to work either. I normally use the following method to perform my ftp's but for some reason it works if I launch the script at the command line but in Cron it... (4 Replies)
Discussion started by: bryanthomas
4 Replies
3. Solaris
I am having some issues with my cronjobs not running in solaris 10.
Cron is running:
~> ps -ef | grep cron
root 202 1 0 Jul 18 ? 0:01 /usr/sbin/cron
bender 1646 1562 0 01:57:49 syscon 0:00 grep cron
crontab -l lists the cronjob and I *think* its in the... (8 Replies)
Discussion started by: ippy98
8 Replies
4. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
If you look at the permissions associated with a symbolic link, it has universal access. Does this lead to... (0 Replies)
Discussion started by: linux17
0 Replies
5. Shell Programming and Scripting
Hi all, I am trying to run a cronjob to push my files to my git repo once a week and output a prompt to a logfile, my script works fine if I invoke it manually but my cronjob wont run for some reason, I have sourced the file, and restarted my Mac to no avail, right now I believe I have the cronjob... (8 Replies)
Discussion started by: gmenfan83
8 Replies
6. AIX
Hello everyone,
I have an AIX 6.1 machine and i experienced a problem with my cron scripts. It appears that somebody renamed a cron script so crontab could not execute it.
Is there a way to put some security on cron scripts so nobody else except root can rename or delete a cron script? Or they... (6 Replies)
Discussion started by: omonoiatis9
6 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I have a very simple script that queries from a DB2 table. The script has 3 parts - (i) Sets the db2profile (ii) connects to db2 using credentials (iii) executes the query.This script works fine if i run it manually from the command prompt. However when scheduled in crontab, it proceeds... (2 Replies)
Discussion started by: VeePee
2 Replies
CRONTAB(1) BSD General Commands Manual CRONTAB(1)
NAME
crontab -- maintain crontab files for individual users (V3)
SYNOPSIS
crontab [-u user] file
crontab [-u user] { -l | -r | -e }
DESCRIPTION
The crontab utility is the program used to install, deinstall or list the tables used to drive the cron(8) daemon in Vixie Cron. Each user
can have their own crontab, and they are not intended to be edited directly.
(Darwin note: Although cron(8) and crontab(5) are officially supported under Darwin, their functionality has been absorbed into launchd(8),
which provides a more flexible way of automatically executing commands. See launchctl(1) for more information.)
If the /usr/lib/cron/cron.allow file exists, then you must be listed therein in order to be allowed to use this command. If the
/usr/lib/cron/cron.allow file does not exist but the /usr/lib/cron/cron.deny file does exist, then you must not be listed in the
/usr/lib/cron/cron.deny file in order to use this command. If neither of these files exists, then depending on site-dependent configuration
parameters, only the super user will be allowed to use this command, or all users will be able to use this command. The format of these
files is one username per line, with no leading or trailing whitespace. Lines of other formats will be ignored, and so can be used for com-
ments.
The first form of this command is used to install a new crontab from some named file or standard input if the pseudo-filename '-' is given.
The following options are available:
-u Specify the name of the user whose crontab is to be tweaked. If this option is not given, crontab examines ``your'' crontab, i.e.,
the crontab of the person executing the command. Note that su(1) can confuse crontab and that if you are running inside of su(1) you
should always use the -u option for safety's sake.
-l Display the current crontab on standard output.
-r Remove the current crontab.
-e Edit the current crontab using the editor specified by the VISUAL or EDITOR environment variables. The specified editor must edit
the file in place; any editor that unlinks the file and recreates it cannot be used. After you exit from the editor, the modified
crontab will be installed automatically.
FILES
/usr/lib/cron/cron.allow
/usr/lib/cron/cron.deny
DIAGNOSTICS
A fairly informative usage message appears if you run it with a bad command line.
SEE ALSO
crontab(5), compat(5), cron(8), launchctl(1)
STANDARDS
The crontab command conforms to IEEE Std 1003.2 (``POSIX.2''). The new command syntax differs from previous versions of Vixie Cron, as well
as from the classic SVR3 syntax.
AUTHORS
Paul Vixie <paul@vix.com>
BSD
December 29, 1993 BSD