
Fix permissions on /etc/{at,cron}.allow

Permissions 640 root:root don't allow regular users to read
/etc/{at,cron}.allow files, which changes the behavior of the at / crontab
commands:

* The crontab command can't read /etc/cron.allow and allows any user to modify
  their crontab files.
* The at command can't read /etc/at.allow and denies every user.

at / crontab files have SGID bits set, so setting correct group
on /etc/{at,cron}.allow fixes the issue.

Change-Id: I4a3fc8d8e823498d6715e26307424e3065cbd6ca
pull/138/merge
Dmitry Teselkin 6 years ago
parent
commit
48e66a3a5c
2 changed files with 4 additions and 4 deletions
  1. linux/system/at.sls (+2, -2)
  2. linux/system/cron.sls (+2, -2)

linux/system/at.sls (+2, -2)

@@ -33,8 +33,8 @@ etc_at_allow:
- template: jinja
- source: salt://linux/files/cron_users.jinja
- user: root
- group: root
- mode: 0600
- group: daemon
- mode: 0640
- defaults:
users: {{ allow_users | yaml }}
- require:
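
Review bot: `group: daemon` is hard-coded in the etc_at_allow state, so the fix only holds on systems where the at binary is SGID to a group with exactly that name. The commit message relies on the SGID bit to make `mode: 0640` sufficient; where the binary runs under a different group, /etc/at.allow stays unreadable to it and at keeps denying every user, now with a wider file mode than before. Consider taking the group name from a per-OS-family map or pillar value instead of a literal, and note in the state which binary's SGID group it has to match.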

linux/system/cron.sls (+2, -2)

@@ -33,8 +33,8 @@ etc_cron_allow:
- template: jinja
- source: salt://linux/files/cron_users.jinja
- user: root
- group: root
- mode: 0600
- group: crontab
- mode: 0640
- defaults:
users: {{ allow_users | yaml }}
- require:
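
Review bot: `group: crontab` in etc_cron_allow now depends on the crontab group existing before this state runs, and the requisites under `- require:` are cut off in this hunk, so please confirm they include whatever creates that group (normally the cron package); a `file.managed` state fails when the named group is missing. Also, the removed line here is `mode: 0600`, while the commit message describes the old permissions as 640 root:root; aligning the message with the actual previous mode would make the history easier to follow.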
