/var/spool/cron/crontabs does not have the correct permissions for allowing users who are members of the "cron" group to install crontabs. These are the default permissions on /var/spool/cron/crontabs/: drwxr-x--- 2 root cron 72 Nov 26 15:33 . As you can see, the directory is not writable by members of the "cron" group. Here's what happens when I try to install a crontab: jdf42@michelangelo jdf42 $ groups wheel floppy cron audio cdrom video games usb users jdf42 jdf42@michelangelo jdf42 $ crontab -e no crontab for jdf42 - using an empty one crontab: installing new crontab crontabs/tmp.XXXXQytBRM: Permission denied crontab: edits left in /tmp/crontab.XXXXnlo5wi Adding group write permissions to the directory solves the problem: michelangelo root # chmod g+w /var/spool/cron/crontabs ... jdf42@michelangelo jdf42 $ crontab -e crontab: installing new crontab I have a 2004.0 machine and a 2005.0 machine, both have incorrect permissions on the /var/spool/cron/crontabs directory. Reproducible: Always Steps to Reproduce: 1. 2. 3. Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5, glibc-2.3.4.20041102-r1, 2.6.11.6 i686) ================================================================= System uname: 2.6.11.6 i686 Intel(R) Xeon(TM) CPU 1700MHz Gentoo Base System version 1.4.16 Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Mar 10 2005, 18:18:11)] dev-lang/python: 2.3.4-r1 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.6.3, 1.9.4, 1.5 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r4 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium4 -mfpmath=sse -pipe -s -O2 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -mfpmath=sse -pipe -s -O2 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://jove.eng.yale.edu/gentoo-portage" USE="x86 X a52 aac acpi acpi4linux alsa apache2 avi bash-completion berkdb bitmap-fonts bzlib cdparanoia cdr crypt cups curl dga dio divx4linux dv emboss encode exif fam fbcon ffmpeg flac foomaticdb fortran ftp gdbm gif gnome gpm gstreamer gtk gtk2 imagemagick imlib jpeg kerberos ldap libg++ libwww lm_sensors lzo mad mikmod mmap mmx mng motif mozilla mp3 mpeg mysql ncurses network nptl nptlonly nvidia ogg oggvorbis openal opengl oss pam pdflib perl pic png posix pythonqt quicktime readline real rtc samba sdl sharedmem spell sse sse2 ssl svga sysfs threads tiff truetype truetype-fonts type1-fonts usb xine xml2 xmms xosd xpmxv xvid xvmc zlib" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, PORTDIR_OVERLAY
crontab gets installed setuid root so you should be able to edit crontabs.
My mistake... /usr/bin/crontab was setuid to the wrong group... probably because I used a non-standard install method. I compiled the base system on a different machine, so the GID of the cron group probably differed on that machine. I fixed the ownership on /usr/bin/crontab, and editing crontabs now works fine for non-root users with the default /var/spool/cron/crontabs/ permissions. Sorry about the false alarm.
I'm pretty sure this is INVALID, but one think you said made me curious enough to investigate. Was the system you originally compiled on a Gentoo system? cron group comes in the default /etc/group so it should be the same on all Gentoo systems (gid 16). Also, vixie-cron version?
No, the machine I compiled it on was a Suse 9.1 system... GID 16 is the "dialout" group on the Suse system, which was the group that /usr/bin/crontab was chowned to before I fixed it. Next time I need to remember to use the --numeric-owner tar option when I compile Gentoo on a non-Gentoo system. I'm running vixie-cron-4.1-r4.
Ah ok. That's what needed clarifying. Thanks.