Your message dated Tue, 4 Nov 2014 16:11:58 +0100 with message-id <cadstwj+e04wr9q1dmsmcrzum8yt_lig8vekj7iod4ogxbfy...@mail.gmail.com> and subject line Re: Bug#767894: More permission issues has caused the Debian Bug report #767894, regarding More permission issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 767894: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767894 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: systemd-cron Version: 1.3.1+ds1-1 Severity: minor Generally, crontabs are only visible by the owner. After #766053 gets fixed, the issue still remains in the sense that the generated units/timers (coming from crontabs) have root:root 644 permissions, which are readable by everyone. I've seen 'journalctl' actually uses ACLs, so maybe it's safe to use ACLs by default now since systemd is a dependency? In that case, I would chmod the user-generated units/timers to 640, and add an explicit ACL for 400 user:root (the same is done by journald when using the 'login' splitting method - so I'm not using a new method here). This prevents the file to be modified by the user, while still giving him r/o access. Not that we strictly need it anyway: 640 root:root would be enough. The description itself contains a copy of the crontab line. I would actually prefer the normal description to be just "crontab-user:line" (easier to debug than matching text). It's less noisy in the unit list, and also easier to grep for. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (900, 'unstable'), (800, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages systemd-cron depends on: ii init-system-helpers 1.21 ii python 2.7.8-2 pn python:any <none> ii systemd-sysv 215-5+b1 systemd-cron recommends no packages. systemd-cron suggests no packages. -- debsums errors found: debsums: changed file /lib/systemd/system-generators/systemd-crontab-generator (from systemd-cron package)
--- End Message ---
--- Begin Message ---This change make systemd complain; i reverted-it: +-------------------------------------- | Configuration file /run/systemd/generator/cron-pi-pi-0.timer is marked world -inaccessible. | This has no effect as configuration data is accessible via APIs without restrictions. | Proceeding anyway. +-------------------------------------- >I would actually prefer the normal description to be just "crontab-user:line" >(easier to debug than matching text). It's less noisy in the unit list, and >also easier to grep for. You don't need grep to do this ; this can be done with "journalctl -u cron-..." that also gives you autocomplete and globing ("journalctl -u cron-user-*" just works)
--- End Message ---
_______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
