365651 – sys-process/cronie-1.4.4 crontab -e permission denied

Bug 365651 - sys-process/cronie-1.4.4 crontab -e permission denied

Summary: sys-process/cronie-1.4.4 crontab -e permission denied

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Lars Wendler (Polynomial-C) (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	374011
	Show dependency tree

Reported:	2011-05-02 00:54 UTC by Mike Gilbert
Modified:	2011-07-10 19:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge --info cronie (emerge-info.txt,5.34 KB, text/plain) 2011-05-02 00:54 UTC, Mike Gilbert	Details
cronie-1.4.6.ebuild.patch (cronie-1.4.6.ebuild.patch,378 bytes, patch) 2011-07-04 08:42 UTC, Lars Wendler (Polynomial-C) (RETIRED)	Details \| Diff
Fix permissions for crontab (cronie-perms.patch,679 bytes, patch) 2011-07-04 17:27 UTC, Mike Gilbert	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike Gilbert gentoo-dev

2011-05-02 00:54:02 UTC

Created attachment 271825 [details]
emerge --info cronie

When attempting to create a crontab as a user in the cron group, crontab(1) is unable to install the new file in /var/spool/cron/crontabs.

I have tried removing the crontabs directory and re-installing cronie; this does not fix the problem.

floppym@naomi ~ % groups
disk wheel cron audio cdrom video games mysql cdrw usb users wireshark vboxusers lpadmin portage plugdev vmware floppym

floppym@naomi ~ % crontab -e 
no crontab for floppym - using an empty one
crontab: installing new crontab
/var/spool/cron/crontabs/tmp.XXXXn1l1Xr: Permission denied
crontab: edits left in /tmp/crontab.XXXXHNzH5K

floppym@naomi ~ % ls -ld /var/spool/cron/crontabs
drwxr-x--- 1 root cron 52 May  1 20:09 /var/spool/cron/crontabs

Comment 1 Mike Gilbert gentoo-dev

2011-05-02 04:38:42 UTC

I think /usr/bin/crontab should be installed with mode 4750 instead of 2750. This fixed it for me.

Comment 2 Alex Legler (RETIRED) archtester

2011-07-04 08:36:30 UTC

(In reply to comment #1)
> I think /usr/bin/crontab should be installed with mode 4750 instead of 2750.
> This fixed it for me.

Making this SUID root is a really bad idea. /var/spool/cron should belong to the cron group, /var/spool/cron/crontabs to the crontab group and crontab(1) should have 2750 (or even 2751 as vixie), then things should work.

Comment 3 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2011-07-04 08:42:06 UTC

Created attachment 279015 [details, diff]
cronie-1.4.6.ebuild.patch

I'd say the correct fix is like this (see attached patch). sys-process/vixie-cron is doing it the same way.

Comment 4 Mike Gilbert gentoo-dev

2011-07-04 17:27:54 UTC

Created attachment 279065 [details, diff]
Fix permissions for crontab

Poly-C's patch is incomplete: it does not create the crontab group and does not set permissions on /var/spool/cron/crontabs.

Here's a patch with the missing bits.

I tested it with success on my system. I made sure to blow away the crontabs directory before installing it; existing installs will need to have the permissions adjusted. vixie-cron does this in pkg_postinst.

Comment 5 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2011-07-10 19:41:42 UTC

+*cronie-1.4.8 (10 Jul 2011)
+*cronie-1.4.4-r1 (10 Jul 2011)
+
+  10 Jul 2011; Lars Wendler <polynomial-c@gentoo.org> -cronie-1.4.4.ebuild,
+  +cronie-1.4.4-r1.ebuild, cronie-1.4.6.ebuild, +cronie-1.4.8.ebuild,
+  metadata.xml:
+  Fixed "crontab -e" permission bug reported by Mike Gilbert (bug #365651) who
+  also provided a complete fix. Committed a fixed revision straight to stable.
+  Version bump (bug #374011). Added myself as new package maintainer.
+