From: Garance A Drosihn (drosihrpi.edu)
Date: Tue Aug 10 2004 - 14:01:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 2:10 AM +0800 8/11/04, Xin LI wrote:
>
>On Tue, Aug 10, 2004 at 10:02:09AM -0700, Doug Barton wrote:
>>
> > Can you elaborate on your thinking?
>
>I'm not sure if this is a sort of abusing systemwide crontabs, but
>the administrators at my company have used them to run some tasks
>periodicly under other identities (to limit these tasks' privilege),
>and it provided a somewhat "centralized" management so they would
>prefer to use systemwide crontab rather than per-user ones.

You could get about the same effect by having them all under root's
crontab, and then having the entry 'su' to the appropriate userid
before running. So it is centralized in one crontab (root's), but
it is protected from prying eyes.

>What do you think about the benefit for users being able to see
>the system crontab? I think knowing what would be executed under
>others' identity is (at least) not always a good thing, especially
>the users we generally don't fully trust...

For generic system tasks, it can be useful to know when they run.
Maybe this means more to me because I'm actually awake at all odd
hours of the morning, so I notice the effects of some of those
runs. My runs of 'cvsup_mirror', for instance.

Basically, I use the system crontab for events where I think it
is safe for every user to know when the events occur, and use
other crontabs for the things I want to keep private. Just a
personal preference thing, obviously.

--
Garance Alistair Drosehn = gadgilead.netel.rpi.edu
Senior Systems Programmer or gadfreebsd.org
Rensselaer Polytechnic Institute or drosihrpi.edu
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]