Status
Not open for further replies.

praka123

left this forum longback
In Debian-based distros, the vixie-cron (default) executable has the SUID (set user ID) bit set, so that every user can use it. :) As root, set the SUID bit for /usr/bin/crontab :)
Remember: SUID/SGID is hopefully secure, as major distros like Debian, Ubuntu and many others are using it with binaries. So install the sxid package if you're paranoid about security! *linux.cudeso.be/linuxdoc/sxid.php

Below is how to set SUID/SGID:
*www.howtoforge.org/linux_setting_suid_sgid_bits
 
OP
nileshgr

Wise Old Owl
praka123 said:
In Debian-based distros, the vixie-cron (default) executable has the SUID (set user ID) bit set, so that every user can use it. :) As root, set the SUID bit for /usr/bin/crontab :)
Remember: SUID/SGID is hopefully secure, as major distros like Debian, Ubuntu and many others are using it with binaries. So install the sxid package if you're paranoid about security! *linux.cudeso.be/linuxdoc/sxid.php

Below is how to set SUID/SGID:
*www.howtoforge.org/linux_setting_suid_sgid_bits
But vixie-cron is already installed on my Fedora 7.

OK, you mean to say that I should SUID /usr/bin/crontab?

But that already has those permissions.

Code:
-rwsr-sr-x 1 root root 309K 2007-09-11 14:43 /usr/bin/crontab
 

praka123

left this forum longback
^Then you're supposed to be able to run all binaries which are executable.
For example, you can open a terminal and run:
Code:
crontab -e
and follow the instructions as per man 5 crontab to schedule.
BUT make sure service "cron" is enabled.
Code:
crontab -l
^will display scheduled.
 
OP
nileshgr

Wise Old Owl
praka123 said:
^Then you're supposed to be able to run all binaries which are executable.
For example, you can open a terminal and run:
Code:
crontab -e
and follow the instructions as per man 5 crontab to schedule.
BUT make sure service "cron" is enabled.
Code:
crontab -l
^will display scheduled.

But if my username is not listed in /etc/cron.allow, I can't use crontab!!

CRONTAB(1) CRONTAB(1)

NAME
crontab - maintain crontab files for individual users (ISC Cron V4.1)

SYNOPSIS
crontab [-u user] file
crontab [-u user] [-l | -r | -e] [-i] [-s]

DESCRIPTION
Crontab is the program used to install, deinstall or list the tables used to drive the cron(8) daemon in
ISC Cron. Each user can have their own crontab, and though these are files in /var/spool/ , they are not
intended to be edited directly. For SELinux in mls mode can be even more crontabs - for each range. For
more see selinux(8).

If the cron.allow file exists, then you must be listed therein in order to be allowed to use this
command. If the cron.allow file does not exist but the cron.deny file does exist, then you must not be
listed in the cron.deny file in order to use this command. If neither of these files exists, only the
super user will be allowed to use this command.

You see in the above man page quote that it says I have to be listed in /etc/cron.allow.
 

praka123

left this forum longback
Forgot the Red Hat cron ways. But with Debian, by default no cron.allow or cron.deny exists. I think you have to mv the /etc/cron.allow to /etc/cron.allow.bk and try!

Also check the /etc/default dir for some cron customization options.
 
OP
nileshgr

Wise Old Owl
Dude, after much research, I found that it is the normal behaviour of vixie-cron. On all sites, it is written that the user has to be present in /etc/cron.allow OR absent from /etc/cron.deny.

So, there is another cron type called fcron which behaves in the way I want, i.e. if the allow or deny files don't exist, all users are allowed fcrontabs.

man page fcrontab(1) said:
A user can install a fcrontab if he is listed in the /usr/local/etc/fcron.allow and not (unless by the keyword all) listed in /usr/local/etc/fcron.deny (see section "files" below). If neither fcron.allow nor fcron.deny exist, all users are allowed. None of these files have to exist, but if they do, the deny file takes precedence.

But this fcrontab has some differences from the vixie one, as the @ syntax is not supported; instead it has its own. I will have to get used to this one. :)
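
The access rule from the crontab(1) text quoted in this thread, written out as a shell check (an added example, not posted by anyone in the thread and not code from cron itself). The function names `listed` and `crontab_access`, the optional directory argument, and matching the super user by the name `root` are assumptions of this sketch; it follows the quoted text literally and does not cover fcron's rules.

```shell
#!/bin/sh
# Added example: evaluates the cron.allow / cron.deny rule exactly as the
# quoted crontab(1) text states it. The DIR argument is an assumption of this
# sketch so the rule can be tried on constructed files instead of the live /etc.

# listed USER FILE -> exit status 0 if USER is on a line of its own in FILE
listed() {
    grep -qxF -- "$1" "$2" 2>/dev/null
}

# crontab_access USER [DIR] -> prints "allowed: <reason>" or "denied: <reason>"
crontab_access() {
    user=$1
    dir=${2:-/etc}
    if [ -e "$dir/cron.allow" ]; then
        # cron.allow exists: being listed in it is the only thing that counts
        if listed "$user" "$dir/cron.allow"; then
            echo "allowed: listed in cron.allow"
        else
            echo "denied: cron.allow exists and does not list $user"
        fi
    elif [ -e "$dir/cron.deny" ]; then
        # no cron.allow, but cron.deny exists: everyone not listed may use it
        if listed "$user" "$dir/cron.deny"; then
            echo "denied: listed in cron.deny"
        else
            echo "allowed: cron.deny exists and does not list $user"
        fi
    elif [ "$user" = root ]; then
        # neither file exists: super user only (matched by name here, which
        # is an assumption; the real check is on the super user account)
        echo "allowed: no allow/deny file, super user only"
    else
        echo "denied: neither cron.allow nor cron.deny exists"
    fi
}
```

Source the file and run `crontab_access "$(id -un)"` to see which of the three cases applies to the current account.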
 