I think the most appropriate approach to this is going to be determined by closer examination of the "why you want to do this in the first place" question.
On Jan 23, 2008 10:35 PM, Steve Revilak <[EMAIL PROTECTED]> wrote: > > From: Scott Ehrlich > > Subject: [BBLISA] crontab - corrected version > > > So I want to see if there is a way to restrict crontab from running an > > executable or anything else from a world-writable directory, or subdirectory > > thereof. > > This is actually a pretty hard problem. Suppose you had a crontab > entry like this > > # distributed crontab. There's always some oddball job that has to > # run on a single, specific machine > # > # Assume mail-if-not-empty is like /bin/mail, but sends no mail > # if there's no output > 1 0 * * * operator hostname | grep -q "server1" && ( /path/to/some-job > 2>&1 | mail-if-not-empty -s "`hostname` some-job error" [EMAIL PROTECTED] ) > > There are five different command executions (and that's not even > getting into what /path/to/some-job does). Maybe your crontab entries > are simpler than that, but in order to cover the bases completely, I > think you'd have to patch SHELL. At least a couple of OS's will just > take that whole line and pass it to "sh -c". > > You could take another approach - a cron job that removes the 002 bit > from any directory that shouldn't have it :) > > Steve > > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa > _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
