Bug#1049353: cron-daemon-common: please ship tmpfiles.d and sysusers.d snippets

Mon, 14 Aug 2023 07:57:14 -0700 

Package: cron-daemon-common
Version: 3.0pl1-164
Severity: normal
X-Debbugs-Cc: наб <nabijaczlew...@nabijaczleweli.xyz>


Would you be OK to accept to merge a patch that adds
sysusers.d & tmpfiles.d support to cron-daemon-common ?

This would make the system more auditable.


The old logic in .postrm: it is idempotent after all.


Whenever you are ready you can start using:

  systemd-standalone-tmpfiles &
  dh_installsysusers (alreay in DebHelper, will be standardwith DH>=14)

... to do the job for you.


As I understand from cron history (the CVE...)
it may be better to not rush this too much
and keep the old open code around for a while.


Greetings,


> # Add group for crontabs
> getent group crontab > /dev/null 2>&1 || addgroup --system crontab

That would be one line in:
  /lib/sysusers.d/cron-daemon-common.conf

> # Fixup crontab , directory and files for new group 'crontab'.
> if [ -d $crondir/crontabs ] ; then
>    chown root:crontab $crondir/crontabs
>    chmod 1730 $crondir/crontabs

That would be one line in:
  /lib/tmpfiles.d/cron-daemon-common.conf


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cron-daemon-common depends on:
ii  adduser  3.137

cron-daemon-common recommends no packages.

cron-daemon-common suggests no packages.

-- Configuration Files:
/etc/crontab changed:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || { cd / && run-parts 
--report /etc/cron.daily; }
47 6    * * 7   root    test -x /usr/sbin/anacron || { cd / && run-parts 
--report /etc/cron.weekly; }
52 6    1 * *   root    test -x /usr/sbin/anacron || { cd / && run-parts 
--report /etc/cron.monthly; }
MAILTO=alexandre.deti...@gmail.com
10 7   * * 2-7   root   /bin/true
1 * * * mon-wed root true


-- no debconf information

Reply via email to