Package: cron
Version: cron_3.0pl1-105
Severity: normal
Tags: patch
Cron is supposed to honor environment variables as specified in
/etc/environment and /etc/security/pam_env.conf, the supported
methods of defining environment variables to be inherited by
interactive logins as well as cron jobs, but it fails to do so.
The documentation, crontab(5) claims that it honors them:
On the Debian GNU/Linux system, cron supports the pam_env module, and
loads the environment specified by /etc/security/pam_env.conf. How-
Unfortunately, the PAM configuration for cron does not accomplish this.
The shipped /etc/pam.d/cron provides:
auth required pam_env.so
Howvever cron's use of pam does is not under the "auth" service,
but rather under "session"; so this well-meaning configuration line
is ignored. The patch to fix this is trivial:
--- cron-3.0pl1.orig/debian/cron.pam 2009/01/13 00:00:00 1.1
+++ cron-3.0pl1.orig/debian/cron.pam 2009/01/13 02:29:21
@@ -3,7 +3,7 @@
#
@include common-auth
-auth required pam_env.so
+session required pam_env.so
@include common-account
@include common-session
# Sets up user limits, please define limits for cron tasks
It appears that this line was added but not properly tested
as part of cron 3.0pp11-78 in an attempt to close
#203737 ("*Use the PAM environment settings, if so configured.
(closes: #203737)", "Steve Greenland <stev...@debian.org> Sun, 14 Sep
2003 16:53:36 -0500").
Somewhat tangentially, it's a bit odd to me that the crontab(5) mentions
/etc/pam.d/pam_env.conf but not /etc/environment. pam_env.so reads
both, and I think for most users, the use of /etc/environment is
more intuitive and straightforward. So perhaps it's also appropriate
to update crontab(5):
--- cron-3.0pl1.orig/crontab.5 2009/01/13 00:00:00 1.1
+++ cron-3.0pl1.orig/crontab.5 2009/01/13 02:30:03
@@ -84,6 +84,8 @@
On the Debian GNU/Linux system, cron supports the
.B pam_env
module, and loads the environment specified by
+.IR /etc/environment
+and
.IR /etc/security/pam_env.conf .
However, the PAM setting do
.B NOT
This bug was found under Ubuntu (cron_3.0pl1-100ubuntu2)
but still exists under Debian (cron_3.0pl1-105); the above
paths and patches are relative to Debian, though they
apply to Ubuntu as well, though the first patch is against
cron-3.0pl1/debian/cron/etc/pam.d/cron instead of
cron-3.0pl1.orig/debian/cron.pam).
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-22-server (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages cron depends on:
ii adduser 3.105ubuntu1 add and remove users and groups
ii debianutils 2.28.2-0ubuntu1 Miscellaneous utilities specific t
ii libc6 2.7-10ubuntu4 GNU C Library: Shared libraries
ii libpam0g 0.99.7.1-5ubuntu6.1 Pluggable Authentication Modules l
ii libselinux1 2.0.55-0ubuntu4 SELinux policy enforcement, run-ti
ii lsb-base 3.2-4ubuntu1 Linux Standard Base 3.2 init scrip
ii sysv-rc 2.86.ds1-14.1ubuntu45 System-V-like runlevel change mech
Versions of packages cron recommends:
ii sendmail-bin [mail-transp 8.14.2-2build1 powerful, efficient, and scalable
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
