Cron questions

Jim Webb jrw at hropus.UUCP
Sat Oct 4 03:33:45 AEST 1986


> 	What are people's favorite way to have cron do things as certain
> 	users.
> 	Does a "best" method exist?
> 
> 	I have seen things like:
> 		
> 30	*	*	*	* /bin/su foo < a/shell.script

YUK!  Ooops, he wants politeness :-)

> 	but does this work if user foo has a password?

Under System V (before Release 2) cron ran as root, so no passwd was needed.
It is much nicer to do it like so:

30	*	*	*	* /bin/su person -c "whatever"

If you use the dash option, the /etc/profile and ~person/.profile will be
read (at least with the assumption that the Bourne shell is used).

Then, you do not need to worry that this "whatever" is going to be a security
problem.

[Under SVR2 cron is still run as root, but individual crontabs are used, so
 the user id is set to the specific user before the commands are run]

> 
> 	One method I have thought of is to have cron start a set uid program
> 	that checks if the user is root or the owner of cron.

Are you a Berkeley site?  We SVR-er's always have cron running as root.

> 	The program then examines the first line of a shell script to obtain
> 	the user-id to set before fork/exec'ing /bin/sh to run the shell script.
> 	What, if anything, does this do to security etc.
> 
> Sample script:
> # uidhere
> function of shell script
> 
> end script

First off, sometimes people want binaries run from cron, and secondly, you
would have to make sure root owned the file as well as all directories leading
to it and that the perms are set to read-only, otherwise, this first line
could be easily changed.

> Polite E-mail responses welcomed.	:-)
-- 
Jim Webb             "Out of phase--get help"          ...!ihnp4!hropus!jrw
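
Added example (not part of the original post, and not code from its author): the ownership check the reply describes, walking a file and every directory leading to it. The names component_ok and path_chain_trusted are hypothetical, and "read-only" is assumed here to mean no group or other write permission.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() and lstat() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* A component passes if `owner` owns it and neither group nor other
 * may write to it (the assumed reading of "read-only"). */
int component_ok(mode_t mode, uid_t uid, uid_t owner)
{
    return uid == owner && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns 0 if `path` and every directory leading to it pass
 * component_ok(). Returns -1 otherwise, leaving the failing prefix in
 * `bad`, which must hold at least PATH_MAX bytes. */
int path_chain_trusted(const char *path, uid_t owner, char *bad)
{
    char real[PATH_MAX];
    struct stat st;
    size_t i, n, len;

    snprintf(bad, PATH_MAX, "%s", path);
    if (realpath(path, real) == NULL)   /* resolve symlinks first */
        return -1;
    len = strlen(real);
    for (i = 0; i <= len; i++) {
        if (i == 0) n = 1;              /* the root directory itself */
        else if (real[i] == '/' || real[i] == '\0') n = i;
        else continue;
        memcpy(bad, real, n);           /* "/", "/usr", "/usr/lib", ... */
        bad[n] = '\0';
        if (lstat(bad, &st) != 0 || !component_ok(st.st_mode, st.st_uid, owner))
            return -1;
    }
    bad[0] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char bad[PATH_MAX];
    const char *p = argc > 1 ? argv[1] : "/bin/sh";  /* sample default */
    int rc = path_chain_trusted(p, 0, bad);          /* 0 = root's uid */
    printf("%s: %s %s\n", p, rc ? "NOT trusted at" : "trusted", bad);
    return rc ? 1 : 0;
}
```

The result is a snapshot of the path at the time of the call; a program that then runs the file still has to open it and re-check the open descriptor with fstat().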


