Re: cron.allow and cron.deny

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



El Lunes, 11 de Septiembre de 2006 18:44, Steve Berg escribió:
>
> If that were true then the user could run the damaging process anytime
> they wished since cron will execute a user's crontab with that user's
> permissions.  On systems I work with cron is available to any user on a
> fresh install.
> --

I wanna mean that it's not a good idea to allow system accounts to access 
crontab. 
Of course that users are allow or should be allow in mostle scenaries to use 
cron, cause they are only allow to run scripts with users permissions, that's 
clear for all.

IMHO if for instance apache user or nobody one is able to set up tasks on 
crontab, you're box is on risk, isn't it?
By the way, if some one get access to your server using an apache bug or 
whatever, you're in trouble.

it's just an opinion, maybe i'm too paranoic with system security, could be.
Cheers.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux