On Wed, 07 Jun 2017 17:36:43 -0600, Todd C. Miller wrote:

> CVSROOT: /cvs
> Module name: src
> Changes by: mill...@cvs.openbsd.org 2017/06/07 17:36:43
>
> Modified files:
>     usr.bin/at : at.c
>     usr.sbin/cron : atrun.c cron.c database.c env.c globals.h
>                     user.c
>
> Log message:
> In cron(8), require that crontab and at files in the spool be owned
> by group crontab. The at(1) command now creates files owned by
> group crontab, the crontab(1) command already does this.
>
> Files in the crontab spool with parse errors are now ignored;
> crontab(1) will not install a crontab file with parse errors.
> The system crontab file (/etc/crontab) is not affected by this.
>
> The required permissions on crontab files have been tightened.
> Files in the cron spool must be mode 0600 (as created by crontab(1)).
> The system crontab file may be readable/writable by the owner,
> readable by group and readable by other. The system crontab must
> be readable by the owner.

Note that with this change if there are existing at jobs and you update your cron, those at jobs will not be run. New at jobs will be fine as they will be created with the group cron expects, assuming you update at as well as cron.

 - todd
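
The ownership and mode rules from the log message can be checked before updating, to find spool files (such as existing at jobs) that the new cron would skip. The following is an added example, not part of the original message and not cron's own code; the function names are hypothetical and the rules are taken only from the wording of the log message above.

```python
import os
import stat
import tempfile


def check_spool_file(path, crontab_gid):
    """Reasons a spool file fails the rules in the log message (empty = ok)."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if st.st_gid != crontab_gid:
        problems.append("gid %d, expected %d" % (st.st_gid, crontab_gid))
    if mode != 0o600:  # spool files must be exactly mode 0600
        problems.append("mode %04o, expected 0600" % mode)
    return problems


def check_system_crontab(path):
    """System crontab: nothing beyond rw-r--r--, and owner-readable."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    problems = []
    if mode & ~0o644:
        problems.append("mode %04o has bits outside 0644" % mode)
    if not mode & 0o400:
        problems.append("mode %04o is not owner-readable" % mode)
    return problems


def audit_spool(directory, crontab_gid):
    """Return {filename: problems} for regular files that fail the checks."""
    report = {}
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            problems = check_spool_file(entry.path, crontab_gid)
            if problems:
                report[entry.name] = problems
    return report


def demo():
    """Constructed spool: one file at 0600, one left group-readable."""
    with tempfile.TemporaryDirectory() as spool:
        for name, mode in (("job_ok", 0o600), ("job_loose", 0o640)):
            path = os.path.join(spool, name)
            open(path, "w").close()
            os.chmod(path, mode)
        gid = os.lstat(os.path.join(spool, "job_ok")).st_gid  # stands in for crontab's gid
        return audit_spool(spool, gid), audit_spool(spool, gid + 1)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

On a real system, pass the spool directory and `grp.getgrnam("crontab").gr_gid` to `audit_spool`; files it reports need their group or mode corrected before cron will run them.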