ソースを参照
Fix permissions on /etc/{at,cron}.allow
Permissions 640 root:root doesn't allow regular user to read
/etc/{at,cron}.allow files, that changes behavior of at / crontab
commands:
* crontab command can't read /etc/cron.allow and allow any user to modify
their crontab files.
* at command can't read /etc/at.allow and deny every user.
at / crontab files have SGID bits set, so setting correct group
on /etc/{at,cron}.allow fixes the issue.
Change-Id: I4a3fc8d8e823498d6715e26307424e3065cbd6ca
pull/138/merge
Dmitry Teselkin
6年前
+ 2
- 2
linux/system/at.sls
ファイルの表示
| @@ -33,8 +33,8 @@ etc_at_allow: | |||
| - template: jinja | |||
| - source: salt://linux/files/cron_users.jinja | |||
| - user: root | |||
| - group: root | |||
| - mode: 0600 | |||
| - group: daemon | |||
| - mode: 0640 | |||
| - defaults: | |||
| users: {{ allow_users | yaml }} | |||
| - require: | |||
+ 2
- 2
linux/system/cron.sls
ファイルの表示
| @@ -33,8 +33,8 @@ etc_cron_allow: | |||
| - template: jinja | |||
| - source: salt://linux/files/cron_users.jinja | |||
| - user: root | |||
| - group: root | |||
| - mode: 0600 | |||
| - group: crontab | |||
| - mode: 0640 | |||
| - defaults: | |||
| users: {{ allow_users | yaml }} | |||
| - require: | |||
読み込み中…