Browse Source
Fix permissions on /etc/{at,cron}.allow
Permissions 640 root:root doesn't allow regular user to read
/etc/{at,cron}.allow files, that changes behavior of at / crontab
commands:
* crontab command can't read /etc/cron.allow and allow any user to modify
their crontab files.
* at command can't read /etc/at.allow and deny every user.
at / crontab files have SGID bits set, so setting correct group
on /etc/{at,cron}.allow fixes the issue.
Change-Id: I4a3fc8d8e823498d6715e26307424e3065cbd6ca
pull/138/merge
Dmitry Teselkin
6 years ago
2 changed files with 4 additions and 4 deletions
+ 2
- 2
linux/system/at.sls
View File
| - template: jinja | - template: jinja | ||||
| - source: salt://linux/files/cron_users.jinja | - source: salt://linux/files/cron_users.jinja | ||||
| - user: root | - user: root | ||||
| - group: root | |||||
| - mode: 0600 | |||||
| - group: daemon | |||||
| - mode: 0640 | |||||
| - defaults: | - defaults: | ||||
| users: {{ allow_users | yaml }} | users: {{ allow_users | yaml }} | ||||
| - require: | - require: |
+ 2
- 2
linux/system/cron.sls
View File
| - template: jinja | - template: jinja | ||||
| - source: salt://linux/files/cron_users.jinja | - source: salt://linux/files/cron_users.jinja | ||||
| - user: root | - user: root | ||||
| - group: root | |||||
| - mode: 0600 | |||||
| - group: crontab | |||||
| - mode: 0640 | |||||
| - defaults: | - defaults: | ||||
| users: {{ allow_users | yaml }} | users: {{ allow_users | yaml }} | ||||
| - require: | - require: |
Loading…