Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 77878 - vixie-cron's crontab has wrong ownership
Summary: vixie-cron's crontab has wrong ownership
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Cron Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-13 12:15 UTC by Erik Logtenberg
Modified: 2005-01-14 03:24 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Logtenberg 2005-01-13 12:15:53 UTC 
I'm not quite sure wether or not this is a bug; It might as well be that I'm missing the point here.

Anyway, I just installed vixie-cron by running "emerge vixie-cron". Now /usr/bin/crontab looks like this:

# ls -al /usr/bin/crontab
-rws--x---  1 root root 31932 Jan 13 20:53 /usr/bin/crontab

This way, only root can use crontab, normal users get this:
$ crontab
-bash: /usr/bin/crontab: Permission denied

According to some comments in the /etc/cron.deny file, users in the "cron"-group should be able to normally run crontab:
[quote]
# $Id: vixie-cron-4.1-cron.deny,v 1.1 2004/08/28 00:51:46 ciaranm Exp $
# If for any reason you have users in the 'cron' group who should not
# be allowed to run crontab, add them to this file (one username per
# line)
[/quote]

In other words: add your users to the "cron" group, and they'll be able to run crontab. This is however not the case; if you want this to work, then the ownership of /usr/bin/crontab should be this:

# ls -al /usr/bin/crontab
-rws--x---  1 root cron 31932 Jan 13 20:53 /usr/bin/crontab

This can be done with two commands:

# chgrp cron /usr/bin/crontab
to change the group
# chmod u+s /usr/bin/crontab
to re-set the suid bit (which disappears when you chgrp the file)

After I did that, normal users can use crontab (after they've been added to the cron-group ofcourse).


Reproducible: Always
Steps to Reproduce:
1.emerge vixie-cron
2.su to a non-privileged user
3.crontab

Actual Results:  
$ crontab -l
-bash: /usr/bin/crontab: Permission denied


Expected Results:  
$ crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (mycron installed on Thu Jan 13 21:05:25 2005)
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
[etc]
Comment 1 Andrew Chambers 2005-01-13 14:59:58 UTC 
The <a href=http://www.gentoo.org/doc/en/cron-guide.xml>guide</a> says that you should put in /etc/cron.allow all users permitted to use vixie-cron.

Perhaps the comments in /etc/cron.deny are misleading but this is not a problem with portage.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-01-13 17:38:44 UTC 
my /usr/bin/crontab from vixie-cron is perfectly fine by default:
# ls -l /usr/bin/crontab
-rws--x---  1 root cron 33268 Jan  9 20:50 /usr/bin/crontab

I don't know why yours was root:root.
Comment 3 Aaron Walker (RETIRED) gentoo-dev 2005-01-14 02:23:22 UTC 
Not really sure why your crontab executable is root:root, but I highly doubt it was installed that way... straight from the ebuild (line 90):

insopts -o root -g cron -m 4750 ; doins crontab

>>> ll /usr/bin/crontab 
-rws--x---  1 root cron 29K Dec 17 06:26 /usr/bin/crontab
Comment 4 Ciaran McCreesh 2005-01-14 03:24:05 UTC 
There was a bug in earlier versions which would cause the file to be installed with silly permissions. Once a file's installed, portage won't change its permissions. Check the FEATURES section of man 5 make.conf for various permission-related settings that'll override this.