Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Cron Logs File Permissions
Special Forums Cybersecurity Cron Logs File Permissions Post 302949752 by MKH on Wednesday 15th of July 2015 03:08:29 PM
Old 07-15-2015
Cron Logs File Permissions
Are there any security risks in having cron logs readable by all (644)?
We have scheduled some jobs and have issues we want to investigate, but this is justification provided in rejecting our request:
"Cron log will have only read permission for root, we cannot change the permission to make others to read. "
In every *nix environment I have worked, the cron logs have been readable by all.

Is there any valid reason to justify their practice?
 

10 More Discussions You Might Find Interesting

1. AIX

AIX and cron logs filtering ?: /etc/cronlog.conf, /var/adm/cron/log

Hi, I can use 'crontabs –e' and do all the scheduling I like. However I would like to auto send myself just the cronjobs logs that fail. That is to say the PIDs that fail and the related lines with those PID’s only. (Not the full set of logs) Has anyone done this work? Or does an AIX 5.3 tool... (0 Replies)
Discussion started by: Keith Johnson
0 Replies

2. HP-UX

To give the "unzip" permissions & "create" file permissions

Hi, I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory. Thanks in advance. Mike (3 Replies)
Discussion started by: Mike1234
3 Replies

3. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

4. Shell Programming and Scripting

Retain file permissions when saving .sh file from internet [OS X]

Hello. I have written a bash script that I am sharing with an OS X community I am a member of. The purpose of the script is to execute a series of commands for members without them having to get involved with Terminal, as it can be daunting for those with no experience of it at all. I have renamed... (4 Replies)
Discussion started by: baza210
4 Replies

5. UNIX for Dummies Questions & Answers

File Permissions conflict with Cron

Our site has a page that creates a jpeg graph everytime you load it. I have written a very simple cron job (rm *.jpeg) to delete the graphs once a day. This doesn't happen because the jpegs are owned by nobody:nobody and are write protected. When I do the job manually I am always asked 'are... (3 Replies)
Discussion started by: RexJacobus
3 Replies

6. Shell Programming and Scripting

ksh; Change file permissions, update file, change permissions back?

Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies

7. Shell Programming and Scripting

Setting default permissions without umask or cron jobs

I've got a number of people sending files to me in different directory structures, and users on many different groups who need access to these incoming paths. My problem is that umask assumes a default of 666 for files. No execute bit, meaning that my users can't even see the incoming folders.... (2 Replies)
Discussion started by: Karunamon
2 Replies

8. Shell Programming and Scripting

Changing file permissions of a file created by another user

Hi, I have used expdp for datapump. The .dmp file is created by the "oracle" user. my requirement is to make a zipped file of this .dmp file. What i am trying to do is change the permissions of this .dmp file from 0640 to 0644 and then do a gzip and zip it. Is there any way i can change... (3 Replies)
Discussion started by: qwertyu
3 Replies

9. Shell Programming and Scripting

How to disable cron emails, but only for logrotate only not for other logs?

Guys, is there a script or command? how to disable cron emails, but only for logrotate only not for other logs (3 Replies)
Discussion started by: kenshinhimura
3 Replies

10. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT POSIX

cron

cron(1M)                                                  System Administration Commands                                                  cron(1M)

NAME

       cron - clock daemon

SYNOPSIS

       /usr/sbin/cron

DESCRIPTION

       cron starts a process that executes commands at specified dates and times.

       You   can   specify   regularly   scheduled  commands  to  cron  according  to  instructions  found  in  crontab  files  in  the  directory
       /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once
       can be submitted using the at(1) command.

       cron  only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This
       reduces the overhead of checking for new or changed files at regularly scheduled intervals.

       As cron never exits, it should be executed only once. This is done routinely by way  of  the  svc:/system/cron:default  service.  The  file
       /etc/cron.d/FIFO file is used as a lock file to prevent the execution of more than one instance of cron.

       cron captures the output of the job's stdout and stderr streams, and, if it is not empty, mails the output to the user. If the job does not
       produce output, no mail is sent to the user. An exception is if the job is an at(1) job and the -m option was specified when  the  job  was
       submitted.

       cron and at jobs are not executed if your account is locked. Jobs and processses execute. The shadow(4) file defines which accounts are not
       locked and will have their jobs and processes executed.

   Setting cron Jobs Across Timezones
       The timezone of the cron daemon sets the system-wide timezone for cron entries. This, in turn, is  by  set  by  default  system-wide  using
       /etc/default/init.

       If  some  form  of  daylight savings or summer/winter time is in effect, then jobs scheduled during the switchover period could be executed
       once, twice, or not at all.

   Setting cron Defaults
       To keep a log of all actions taken by cron, you must specify CRONLOG=YES in the /etc/default/cron file. If you specify CRONLOG=NO, no  log-
       ging is done. Keeping the log is a user configurable option since cron usually creates huge log files.

       You  can  specify the PATH for user cron jobs by using PATH= in /etc/default/cron. You can set the PATH for root cron jobs using SUPATH= in
       /etc/default/cron. Carefully consider the security implications of setting PATH and SUPATH.

       Example /etc/default/cron file:

       CRONLOG=YES
       PATH=/usr/bin:/usr/ucb:

       This example enables logging and sets  the  default  PATH  used  by  non-root  jobs  to  /usr/bin:/usr/ucb:.  Root  jobs  continue  to  use
       /usr/sbin:/usr/bin.

       The cron log file is periodically rotated by logadm(1M).

FILES

       /etc/cron.d                     Main cron directory

       /etc/cron.d/FIFO                Lock file

       /etc/default/cron               cron default settings file

       /var/cron/log                   cron history information

       /var/spool/cron                 Spool area

       /etc/cron.d/queuedefs           Queue description file for at, batch, and cron

       /etc/logadm.conf                Configuration file for logadm

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), at(1), crontab(1), sh(1), logadm(1M), svcadm(1M), queuedefs(4), shadow(4), attributes(5), smf(5)

NOTES

       The cron service is managed by the service management facility, smf(5), under the service identifier:

       svc:/system/cron:default

       Administrative  actions  on  this  service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser-
       vice's status can be queried using the svcs(1) command.

DIAGNOSTICS

       A history of all actions taken by cron is stored in /var/cron/log and possibly in /var/cron/olog.

SunOS 5.10                                                          5 Aug 2004                                                            cron(1M)
All times are GMT -4. The time now is 10:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy