https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292667

            Bug ID: 292667
           Summary: cron / at: Move /var/cron/{allow,deny} and
                    /var/at/at.{allow,deny} to /etc
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: [email protected]
          Reporter: [email protected]

Currently cron and at both have allow/deny lists, but they live under
/var/cron and /var/at.

Because these are essentially configuration files, they should live under /etc
per hier(7).

We intend to install an empty /etc/cron.deny by default (per POSIX, when
cron.allow and cron.deny are missing, cron should treat it as disallowing
unprivileged users, and an empty /etc/cron.deny would maintain the current
behavior).

To respect POLA, cron would be modified to check if /var/cron/{allow,deny} are
present, and use them while emitting a warning in both console and log, nagging
users until they perform the move, for example:

[ -f /var/cron/allow ] && mv /var/cron/allow /etc/cron.allow && ln -s /etc/cron.allow /var/cron/allow
[ -f /var/cron/deny ] && mv /var/cron/deny /etc/cron.deny && ln -s /etc/cron.deny /var/cron/deny

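The access decision described in the report, as an added sketch that is not part of the bug report and not FreeBSD's cron source. It assumes the /etc file wins and a legacy /var/cron file is consulted, with a warning, only when its /etc counterpart is absent; ETC_DIR, LEGACY_DIR and the function names are hypothetical, and "root" stands in for a privileged user.

```shell
#!/bin/sh
# Added sketch, not FreeBSD's cron source. ETC_DIR and LEGACY_DIR are
# hypothetical knobs so the logic can be run against scratch directories.
: "${ETC_DIR:=/etc}"
: "${LEGACY_DIR:=/var/cron}"

# resolve_list KIND -> prints the allow/deny file to use, or nothing.
# Assumption: the /etc file wins; the legacy file is used (with a warning
# on stderr) only when its /etc counterpart is absent.
resolve_list() {
    if [ -f "$ETC_DIR/cron.$1" ]; then
        printf '%s\n' "$ETC_DIR/cron.$1"
    elif [ -f "$LEGACY_DIR/$1" ]; then
        echo "warning: $LEGACY_DIR/$1 is deprecated, move it to $ETC_DIR/cron.$1" >&2
        printf '%s\n' "$LEGACY_DIR/$1"
    fi
}

# listed USER FILE -> 0 if USER is exactly one whole line of FILE.
listed() {
    grep -Fxq -- "$1" "$2"
}

# cron_allowed USER -> 0 if USER may use cron, 1 otherwise.
cron_allowed() {
    user=$1
    allow=$(resolve_list allow)
    deny=$(resolve_list deny)
    if [ -n "$allow" ]; then
        listed "$user" "$allow"      # allow list present: user must be named
    elif [ -n "$deny" ]; then
        ! listed "$user" "$deny"     # deny list only: user must not be named
    else
        [ "$user" = root ]           # neither file: privileged users only
    fi
}
```

Resolving the allow and deny files independently matters here: a site that still has a populated /var/cron/allow keeps its restriction even after an empty /etc/cron.deny is installed by default.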