crontab entries for pseudo-users

crontab entries for pseudo-users

Post by Matthew Wade Woodru » Wed, 04 Jun 1997 04:00:00



On Solaris 2.5.1 x86.

I created a "pseudo-user" named news to manage a local news
spool.  (I'm using slrn and slrnpull, if that makes a difference).

I created the user with admintool and chose "set uid" (or whatever)
instead of giving news a regular password.

What I really want to do is to have "news" fire up my ppp
connection and pull a news feed between 1 and 4 a.m.  I
am trying to do this by having "news" execute some simple
scripts via crontab entries.

Here are my problems:

1.      I can't create crontab entries for "news" unless I
        also give news a home directory (cron gives errors,
        "can't stat home directory for news").  This seems
        to defeat the purpose of having a pseudo-user, since
        I never want to login as "news" and have no need for
        a home/news directory.

2.      If I login as root and su news, I can run my news-pulling
        scripts from a terminal window (as news), but I can't get
        them to run from crontab itself.

3.      When I try to edit crontab as su news (logged in as root),
        crontab drops me into ed (ugh!) instead of reading the
        EDITOR variable that I exported from the command line.  
        I can edit news's crontab as root using crontab -e news,
        but man crontab tells me that the results can be
        "unpredictable" and I like predictability.

Presumably I can solve all of the above problems by creating a "real"
user named news with a normal password. This strikes me as a potential
security problem, however.

TIA,

--
Matthew W. Woodruff                             Tel: (212) 888-3033

 
 
 

crontab entries for pseudo-users

Post by Barry Margoli » Thu, 05 Jun 1997 04:00:00




Quote:>1.  I can't create crontab entries for "news" unless I
>    also give news a home directory (cron gives errors,
>    "can't stat home directory for news").  This seems
>    to defeat the purpose of having a pseudo-user, since
>    I never want to login as "news" and have no need for
>    a home/news directory.

When cron runs a job, it wants to set the current directory to that user's
home directory.  If you don't put a valid directory in the passwd entry,
what directory do you expect it to use instead?  If you expect it to use
the root directory, then put '/' there.

If the news user doesn't have a password, no one should be able to login as
it, so there's no harm in having a valid home directory set.  I believe
it's common to set news's home directory to something like /usr/lib/news.

Quote:>2.  If I login as root and su news, I can run my news-pulling
>    scripts from a terminal window (as news), but I can't get
>    them to run from crontab itself.

Su doesn't try to change to the user's home directory, so it doesn't have
the same problem as cron.

Quote:>3.  When I try to edit crontab as su news (logged in as root),
>    crontab drops me into ed (ugh!) instead of reading the
>    EDITOR variable that I exported from the command line.  
>    I can edit news's crontab as root using crontab -e news,
>    but man crontab tells me that the results can be
>    "unpredictable" and I like predictability.

I can't imagine what "unpredictable" results the man page could be talking
about.  A crontab entry is a crontab entry -- it doesn't matter who put it
in.  I've used "crontab -e user" hundreds of times and never had a problem.

Quote:>Presumably I can solve all of the above problems by creating a "real"
>user named news with a normal password. This strikes me as a potential
>security problem, however.

It doesn't need a password, just a home directory.  I don't see the
security problem of that.

If you want a little extra security, set the login shell to /bin/false.

--

BBN Corporation, Cambridge, MA
Support the anti-spam movement; see <http://www.cauce.org/>

 
 
 

1. crontab entries generate error message; problem with ownership of crontab file?

Hello:

For each line in my crontab file I get the following error message

        limit: coredumpsize: Can't set limit

and the entry doesn't execute.  

This happens to my user account's crontab, but not to root's.  Somehow
cron doesn't understand the command 'limit coredumpsize 1000000' in
/etc/csh.cshrc under these circumstances.

I've disovered that the problem goes away if I change the owner of
/var/spool/cron/alan to alan.alan instead of root.alan but eventually
ownership reverts back to root.alan.  Presumably cron is changing
ownership for security reasons(?).  I need more documentation on how
crontab works vis-vis crontab file ownership/permission.  Everything
worked fine for months until a few weeks ago.  Some package I updated?

FWIW:  Linux 2.0.35 (Red Hat 5.1)


Thanks much,
--Alan Vlach

2. PARPORT0 Re-Creation

3. Changing crontab entry in Ksh for different users

4. any V.35 card for Linux?

5. Yacc entry for crontab , accepting negative entry how ?

6. glibc 2.1?

7. What is the use of pseudo-users sys, bin, nobody ?

8. Encrypted backup

9. How to create a pseudo user w/ su as user?

10. What permissions should a script have for a crontab entry to

11. Q: How to suppress syslog entry in crontab?

12. Crontab entry for monthly job