[BBLISA] crontab - corrected version

Sean OMeara someara at gmail.com
Wed Jan 23 22:41:43 EST 2008


I think the most appropriate approach to this is going to be
determined by closer examination of the "why you want to do this in
the first place" question.


On Jan 23, 2008 10:35 PM, Steve Revilak <steve at srevilak.net> wrote:
> > From: Scott Ehrlich
> > Subject: [BBLISA] crontab - corrected version
>
> > So I want to see if there is a way to restrict crontab from running an
> > executable or anything else from a world-writable directory, or subdirectory
> > thereof.
>
> This is actually a pretty hard problem.  Suppose you had a crontab
> entry like this
>
>    # distributed crontab.  There's always some oddball job that has to
>    # run on a single, specific machine
>    #
>    # Assume mail-if-not-empty is like /bin/mail, but sends no mail
>    # if there's no output
>    1 0 * * * operator hostname | grep -q "server1" && ( /path/to/some-job 2>&1 | mail-if-not-empty -s "`hostname` some-job error" sysadmin at example.com )
>
> There are five different command executions (and that's not even
> getting into what /path/to/some-job does).  Maybe your crontab entries
> are simpler than that, but in order to cover the bases completely, I
> think you'd have to patch SHELL.  At least a couple of OS's will just
> take that whole line and pass it to "sh -c".
>
> You could take another approach - a cron job that removes the 002 bit
> from any directory that shouldn't have it :)
>
> Steve
>
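
A heuristic audit in the spirit of the thread, added here as an example (not code from any of the posters): it flags absolute-path tokens in crontab lines that sit under a directory with the 002 bit set. As the quoted reply points out, the whole line is handed to the shell, so this sees only literal paths, not what the commands go on to run. `AUDIT_ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag crontab command paths that sit under a directory
# with the "other write" (002) bit. Heuristic: sees literal absolute paths only.
# AUDIT_ROOT (hypothetical knob): directory at which the upward walk stops.
AUDIT_ROOT=${AUDIT_ROOT:-/}

# Succeeds if $1 is a directory with the 002 bit set (sticky bit not exempted).
is_world_writable() {
    [ -n "$(find "$1" -prune -type d -perm -0002 2>/dev/null)" ]
}

# Print the nearest world-writable ancestor of path $1; return 1 if none.
ww_ancestor() {
    d=$(dirname "$1")
    while :; do
        if is_world_writable "$d"; then
            printf '%s\n' "$d"
            return 0
        fi
        case $d in "$AUDIT_ROOT"|/|.) return 1 ;; esac
        d=$(dirname "$d")
    done
}

# Audit crontab file $1. Prints one line per flagged path; returns 1 if any.
audit_crontab() {
    rc=0 n=0
    while IFS= read -r line; do
        n=$((n + 1))
        trimmed=${line#"${line%%[![:space:]]*}"}
        case $trimmed in ''|'#'*) continue ;; esac
        # Split on every character that cannot be part of a plain path,
        # then keep the tokens that look absolute.
        for p in $(printf '%s\n' "$line" | tr -cs 'A-Za-z0-9_./-' '\n' | grep '^/.'); do
            if dir=$(ww_ancestor "$p"); then
                echo "line $n: $p is under world-writable $dir"
                rc=1
            fi
        done
    done < "$1"
    return $rc
}

# Usage: sh audit.sh /path/to/crontab-file
if [ $# -gt 0 ]; then audit_crontab "$1"; fi
```

Paths built at run time (backticks, variables, `$PATH` lookups of bare command names) are invisible to this check, which is the limitation the reply above describes.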
