Created attachment 271825 [details]
emerge --info cronie

When attempting to create a crontab as a user in the cron group, crontab(1) is unable to install the new file in /var/spool/cron/crontabs.

I have tried removing the crontabs directory and re-installing cronie; this does not fix the problem.

floppym@naomi ~ % groups
disk wheel cron audio cdrom video games mysql cdrw usb users wireshark vboxusers lpadmin portage plugdev vmware floppym

floppym@naomi ~ % crontab -e
no crontab for floppym - using an empty one
crontab: installing new crontab
/var/spool/cron/crontabs/tmp.XXXXn1l1Xr: Permission denied
crontab: edits left in /tmp/crontab.XXXXHNzH5K

floppym@naomi ~ % ls -ld /var/spool/cron/crontabs
drwxr-x--- 1 root cron 52 May 1 20:09 /var/spool/cron/crontabs

I think /usr/bin/crontab should be installed with mode 4750 instead of 2750. This fixed it for me.

(In reply to comment #1)
> I think /usr/bin/crontab should be installed with mode 4750 instead of 2750.
> This fixed it for me.

Making this SUID root is a really bad idea. /var/spool/cron should belong to the cron group, /var/spool/cron/crontabs to the crontab group and crontab(1) should have 2750 (or even 2751 as vixie), then things should work.
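
The layout described in the comment above (crontab(1) setgid rather than setuid, with its group owning the spool directory) can be checked mechanically. The script below is an added example, not part of this bug thread or the cronie ebuild; the function names are hypothetical, and the requirement that the spool directory be group-writable is inferred from the "Permission denied" error in the report.

```shell
#!/bin/sh
# Added example: audit crontab(1) and its spool directory for the
# setgid layout discussed in this bug. Function names are hypothetical.

# audit_modes BIN_MODE BIN_GID DIR_MODE DIR_GID
# Modes are the first field of `ls -ld` (e.g. -rwxr-s---). Prints findings;
# returns 0 when a setgid crontab can write the spool directory.
audit_modes() {
    bin_mode=$1 bin_gid=$2 dir_mode=$3 dir_gid=$4
    rc=0
    # Character 4 is the owner-execute slot: s or S means setuid.
    case $(printf '%s' "$bin_mode" | cut -c4) in
        s|S) echo "FAIL: crontab is setuid"; rc=1 ;;
    esac
    # Character 7 is the group-execute slot: s means setgid and executable.
    case $(printf '%s' "$bin_mode" | cut -c7) in
        s) ;;
        *) echo "FAIL: crontab is not setgid"; rc=1 ;;
    esac
    # The group the binary runs as must be the group that owns the spool.
    [ "$bin_gid" = "$dir_gid" ] || {
        echo "FAIL: crontab gid $bin_gid != spool gid $dir_gid"; rc=1; }
    # Characters 6-7 of the directory mode: group needs write and search
    # to create the tmp.XXXX file seen in the error message.
    case $(printf '%s' "$dir_mode" | cut -c6-7) in
        wx|ws) ;;
        *) echo "FAIL: spool directory not writable by its group"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# audit_paths BIN DIR: read the live mode and numeric gid with POSIX ls.
# Example call (paths taken from this report):
#   audit_paths /usr/bin/crontab /var/spool/cron/crontabs
audit_paths() {
    set -- $(ls -ldn "$1" | awk '{print $1, $4}') \
           $(ls -ldn "$2" | awk '{print $1, $4}')
    audit_modes "$1" "$2" "$3" "$4"
}
```

Fed the state from the original report (crontab mode 2750, directory `drwxr-x---`), the check fails on the directory's missing group write bit; with mode 4750 it fails on the setuid bit instead.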

Created attachment 279015 [details, diff]
cronie-1.4.6.ebuild.patch

I'd say the correct fix is like this (see attached patch). sys-process/vixie-cron is doing it the same way.

Created attachment 279065 [details, diff]
Fix permissions for crontab

Poly-C's patch is incomplete: it does not create the crontab group and does not set permissions on /var/spool/cron/crontabs.

Here's a patch with the missing bits. I tested it with success on my system. I made sure to blow away the crontabs directory before installing it; existing installs will need to have the permissions adjusted. vixie-cron does this in pkg_postinst.

+*cronie-1.4.8 (10 Jul 2011) +*cronie-1.4.4-r1 (10 Jul 2011) + + 10 Jul 2011; Lars Wendler <polynomial-c@gentoo.org> -cronie-1.4.4.ebuild, + +cronie-1.4.4-r1.ebuild, cronie-1.4.6.ebuild, +cronie-1.4.8.ebuild, + metadata.xml: + Fixed "crontab -e" permission bug reported by Mike Gilbert (bug #365651) who + also provided a complete fix. Committed a fixed revision straight to stable. + Version bump (bug #374011). Added myself as new package maintainer. +
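
Review bot: the 10 Jul 2011 entry says a fixed revision was committed straight to stable but does not say what the fix changes or whether existing installs need manual action. A short clause naming the permission change on crontab and /var/spool/cron/crontabs, and stating whether already-created spool directories are adjusted on upgrade, would tell users reading the ChangeLog if they have to do anything. The entry also folds the permission fix and the version bump (bug #374011) into one paragraph, so it is not clear which of the listed ebuilds (cronie-1.4.4-r1, cronie-1.4.6, cronie-1.4.8) carry the fix; listing them per change would resolve that.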