Date: Tue, 10 Aug 2004 10:02:09 -0700 (PDT) From: Doug Barton <DougB@FreeBSD.org> To: Xin LI <delphij@frontfree.net> Cc: "freebsd-security@FreeBSD.org" <freebsd-security@FreeBSD.org> Subject: Re: [PATCH] Tighten /etc/crontab permissions Message-ID: <20040810095953.H1984@qbhto.arg> In-Reply-To: <20040810161305.GA161@frontfree.net> References: <20040810161305.GA161@frontfree.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Aug 2004, Xin LI wrote:
> Hi folks,
>
> While investigating OpenBSD's cron implementation, I found that they set
> the systemwide crontab (a.k.a. /etc/crontab) to be readable by the
> superuser only. The attached patch will bring this to FreeBSD by moving
> crontab out from BIN1 group and install it along with master.passwd.
Do you have a reason for wanting to do this other than, "OpenBSD does it
this way?" I personally see no problems, and some benefit for users
being able to see the system crontab. If the superuser needs to run
"secret" cron jobs, then there is root's crontab that can be used for
this purpose.
Can you elaborate on your thinking?
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040810095953.H1984>