su in crontab

[Stan Tazuma]

In article <706 at astrovax.UUCP> wls at astrovax.UUCP (William L. Sebok) writes:
>I just tripped over a rather puzzling anomaly.  If I insert 
>
>08 * * * * su wls % exec /usr/ucb/whoami >>/mnt/wls/TST/Errors 2>&1
>
>I get "root" in the file /mnt/wls/TST/Errors, while if instead I insert
>
>12 * * * * echo /usr/ucb/whoami | su wls >>/mnt/wls/TST/Errors 2>&1
>

The problem is that the man page for Berkeley cron lies.  The man page says
that when the '%' is used, following 'line's are passed to the command as input.
This is false.  When cron starts up a shell for the entire command
line, it first replaces all '%'s by new-lines.  Basically, your first
example above would be executed like:
	$ su wls
	$ exec /usr/ucb/whoami >> .....
The first command (su) would start up a setuid shell; the shell
would see EOF, and promptly exit (uid then reverts back to cron's uid).
Then, the exec line would be executed, and the user-id would be cron's
user-id, namely root in your case.

The second of your crontab lines would be executed as expected, and
that's why it works.

To properly use the '%' char. in a crontab command line, try:
	su wls <<x % /usr/ucb/whoami %x
or, since EOF (EOT) is sufficient for the su shell,
	su wls <<x % /usr/ucb/whoami
will work.
Notice that this is just the 'here' document.  I.e.,
	$ su wls <<x
	$ /usr/ucb/whoami
	$ x
so 'x' can be any string.

Important:  the System V cron interprets the '%' operator as documented
in the cron man page.
For those with Pyramid computers, the System V cron is being used.