From: Scott Ehrlich
Subject: [BBLISA] crontab - corrected version

So I want to see if there is a way to restrict crontab from running an executable or anything else from a world-writable directory, or subdirectory thereof.

This is actually a pretty hard problem. Suppose you had a crontab entry like this

# distributed crontab. There's always some oddball job that has to
# run on a single, specific machine
#
# Assume mail-if-not-empty is like /bin/mail, but sends no mail
# if there's no output
1 0 * * * operator hostname | grep -q "server1" && ( /path/to/some-job 2>&1 | mail-if-not-empty -s "`hostname` some-job error" [EMAIL PROTECTED] )

There are five different command executions (and that's not even getting into what /path/to/some-job does). Maybe your crontab entries are simpler than that, but in order to cover the bases completely, I think you'd have to patch SHELL. At least a couple of OS's will just take that whole line and pass it to "sh -c".

You could take another approach - a cron job that removes the 002 bit from any directory that shouldn't have it :)

Steve
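
Added example, not code from the thread: one way to write the job suggested in the reply's last paragraph, which removes the 002 bit from directories that should not have it. The ALLOW allowlist, the function names and the list/strip arguments are assumptions made for this sketch; ww_ancestor additionally reports whether a job's path sits below a world-writable directory.

```sh
#!/bin/sh
# Added example: find and fix world-writable directories.
# ALLOW (assumed): directories that are meant to keep o+w, space separated.
ALLOW="${ALLOW:-/tmp /var/tmp}"

is_allowed() {
    for a in $ALLOW; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# list_ww ROOT...: print world-writable directories that are not allowlisted.
list_ww() {
    [ "$#" -gt 0 ] || return 2          # never default to the current directory
    find "$@" -xdev -type d -perm -0002 -print 2>/dev/null |
    while IFS= read -r d; do
        is_allowed "$d" || printf '%s\n' "$d"
    done
}

# strip_ww ROOT...: remove the 002 bit from everything list_ww reports.
strip_ww() {
    list_ww "$@" | while IFS= read -r d; do
        chmod o-w "$d" && printf 'removed o+w: %s\n' "$d"
    done
}

# ww_ancestor /abs/path/to/job: print the nearest world-writable directory
# above the job (allowlist ignored on purpose); return 1 if there is none.
ww_ancestor() {
    p=$(dirname "$1")
    while :; do
        if [ -n "$(find "$p" -prune -type d -perm -0002 -print 2>/dev/null)" ]; then
            printf '%s\n' "$p"
            return 0
        fi
        if [ "$p" = "/" ] || [ "$p" = "." ]; then return 1; fi
        p=$(dirname "$p")
    done
}

# Invocation from cron: "script strip /opt /usr/local" or "script list /opt".
case "${1:-}" in
    strip) shift; strip_ww "$@" ;;
    list)  shift; list_ww "$@" ;;
esac
```

This only narrows the window between runs; as the reply points out, it does not constrain what the shell started by cron goes on to execute.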
