Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 87039 - vixie-cron doesn't work for non-root users due to permission problems
Summary: vixie-cron doesn't work for non-root users due to permission problems
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Cron Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-28 15:31 UTC by Jim Faulkner
Modified: 2005-03-29 08:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jim Faulkner 2005-03-28 15:31:03 UTC 
/var/spool/cron/crontabs does not have the correct permissions for allowing users who are members of the "cron" group to install crontabs.

These are the default permissions on /var/spool/cron/crontabs/:
drwxr-x---  2 root cron  72 Nov 26 15:33 .

As you can see, the directory is not writable by members of the "cron" group.  Here's what happens when I try to install a crontab:
jdf42@michelangelo jdf42 $ groups
wheel floppy cron audio cdrom video games usb users jdf42
jdf42@michelangelo jdf42 $ crontab -e
no crontab for jdf42 - using an empty one
crontab: installing new crontab
crontabs/tmp.XXXXQytBRM: Permission denied
crontab: edits left in /tmp/crontab.XXXXnlo5wi

Adding group write permissions to the directory solves the problem:
michelangelo root # chmod g+w /var/spool/cron/crontabs
...
jdf42@michelangelo jdf42 $ crontab -e
crontab: installing new crontab

I have a 2004.0 machine and a 2005.0 machine, both have incorrect permissions on the /var/spool/cron/crontabs directory.


Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5, glibc-2.3.4.20041102-r1,
2.6.11.6 i686)
=================================================================
System uname: 2.6.11.6 i686 Intel(R) Xeon(TM) CPU 1700MHz
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4-r1 [2.3.4 (#1, Mar 10 2005, 18:18:11)]
dev-lang/python:     2.3.4-r1
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.6.3, 1.9.4, 1.5
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -mfpmath=sse -pipe -s -O2 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -mfpmath=sse -pipe -s -O2 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://jove.eng.yale.edu/gentoo-portage"
USE="x86 X a52 aac acpi acpi4linux alsa apache2 avi bash-completion berkdb
bitmap-fonts bzlib cdparanoia cdr crypt cups curl dga dio divx4linux dv emboss
encode exif fam fbcon ffmpeg flac foomaticdb fortran ftp gdbm gif gnome gpm
gstreamer gtk gtk2 imagemagick imlib jpeg kerberos ldap libg++ libwww lm_sensors
lzo mad mikmod mmap mmx mng motif mozilla mp3 mpeg mysql ncurses network nptl
nptlonly nvidia ogg oggvorbis openal opengl oss pam pdflib perl pic png posix
pythonqt quicktime readline real rtc samba sdl sharedmem spell sse sse2 ssl svga
sysfs threads tiff truetype truetype-fonts type1-fonts usb xine xml2 xmms xosd
xpmxv xvid xvmc zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, PORTDIR_OVERLAY
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2005-03-28 15:43:18 UTC 
crontab gets installed setuid root so you should be able to edit crontabs.
Comment 2 Jim Faulkner 2005-03-28 16:47:42 UTC 
My mistake... /usr/bin/crontab was setuid to the wrong group... probably because I used a non-standard install method.  I compiled the base system on a different machine, so the GID of the cron group probably differed on that machine.

I fixed the ownership on /usr/bin/crontab, and editing crontabs now works fine for  non-root users with the default /var/spool/cron/crontabs/ permissions.

Sorry about the false alarm.
Comment 3 Aaron Walker (RETIRED) gentoo-dev 2005-03-29 05:57:08 UTC 
I'm pretty sure this is INVALID, but one think you said made me curious enough to investigate.

Was the system you originally compiled on a Gentoo system? cron group comes in the default /etc/group so it should be the same on all Gentoo systems (gid 16).

Also, vixie-cron version?
Comment 4 Jim Faulkner 2005-03-29 07:56:25 UTC 
No, the machine I compiled it on was a Suse 9.1 system... GID 16 is the "dialout" group on the Suse system, which was the group that /usr/bin/crontab was chowned to before I fixed it.  Next time I need to remember to use the --numeric-owner tar option when I compile Gentoo on a non-Gentoo system.

I'm running vixie-cron-4.1-r4.
Comment 5 Aaron Walker (RETIRED) gentoo-dev 2005-03-29 08:27:17 UTC 
Ah ok. That's what needed clarifying. Thanks.