Date: Thu, 22 Jan 2026 22:36:58 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 292667] cron / at: Move /var/cron/{allow,deny} and /var/at/at.{allow,deny} to /etc
Message-ID: <bug-292667-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292667 Bug ID: 292667 Summary: cron / at: Move /var/cron/{allow,deny} and /var/at/at.{allow,deny} to /etc Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: delphij@FreeBSD.org Currently cron and at both have allow/deny list but they currently live under /var/cron and /var/at. Because these are essentially configuration files, they should live under /etc per hier(7). We intend to install an empty /etc/cron.deny by default (per POSIX, when cron.allow and cron.deny are missing, cron should treat it as disallowing unprivileged users, and an empty /etc/cron.deny would maintain the current behavior). To respect POLA, cron would be modified to check if /var/cron/{allow,deny} are present, and use them while emitting a warning in both console and log, nagging users until they perform the move, for example: [ -f /var/cron/allow ] && mv /var/cron/allow /etc/cron.allow && ln -s /etc/cron.allow /var/cron/allow [ -f /var/cron/deny ] && mv /var/cron/deny /etc/cron.deny && ln -s /etc/cron.deny /var/cron/deny -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-292667-227>