Allowing users to remove files in /usr/spool/at

[Jim Reid]

In article <2409 at syma.sussex.ac.uk> andy at syma.sussex.ac.uk (Andy Clews) writes:
>I work on a Sequent Symmetry S81 running DYNIX 3.0.15. My question
>could, however, apply to any UN*X box.

Not so. Most System V boxes have a different at/cron system. The System
V at command supports a -r option, enabling users to delete their at jobs.

>Files in this directory are owned and writeable by the people who gave
>the corresponding "at" command, but because /usr/spool/at can only at
>present be written by root, users cannot delete their own "at" files.
>
>Can anyone suggest a way in which I can give this sort of access to
>/usr/spool/at without compromising system security by allowing the world
>to write to it? I'm a bit wary of creating a setuid'd program to do it.

Well, there's no need for a setuid program at all. (Or setgid for that
matter either.) Just have the user run a script to identify the appropriate
shell script. All that's then needed is to delete the contents of the file.
The at daemon will run the now empty file at the appointed time and then
delete it. Since the user already owns the shell script, this does not
require any special setuid/setgid permissions.

Incidentally, the BSD at command doesn't need to be setuid anything. All
it needs is to have write permission on the spool directory. Setgid to
the unique group ownership of the spool directory will do fine. i.e.:-

	% ls -lsgd /usr/bin/at /usr/spool/at
	24 ---x--s--x  1 bin      at          24576 May 21  1988 /usr/bin/at
	 1 drwxrwxr-x  3 root     at            512 Mar 28 08:00 /usr/spool/at

		Jim