topic Re: Crons in Operating System - HP-UX

Crons

Anthony J. Handy (JR. H — Mon, 10 May 1999 10:25:53 GMT

I am a blossoming Jr SYSADM in the field of HP-UX. I currently am in part
charge of two HP 9000's (K-260), and K-200). I know how to set up crons to
display date, time, to do backups and so forth. I am trying to run a cron for a
specific user and on my system it says that my security could be breached if
crons were allowed to be run under the users profile. I have already tried
builing restricted SAM for the user and that didnt work. Can this be done? I
mean is it possible? If you have any thoughts or ideas please e-mail me.
THX!!!!!!

Re: Crons

Coleman Weber_1 — Fri, 14 May 1999 05:20:32 GMT

If it is a one time deal set the job up as a root cron. If it needs to be run
as the user set up a script that you 'su - {username} -c {script name}'. This
will allow you to control the use of cron but to allow the files to run as
other users.

You may also want to look into using the 'at' command.

Hope this helps

Re: Crons

Mark_770 — Fri, 14 May 1999 06:09:06 GMT

Check the man page for 'crontab'. You can allow users to run cron jobs using
entries in /var/adm/cron/cron.allow. You can also restrict users with entries
in /var/adm/cron/cron.deny.

Regards,
Mark

Re: Crons

jean-laurent huynh_2 — Tue, 18 May 1999 01:01:17 GMT

try to add the user to the file /var/adm/cron/cron.allow

Re: Crons

Ed Donnelly — Wed, 16 Jun 1999 02:55:21 GMT

Add users name to cron.allow
vi /var/adm/cron/cron.allow

Hope this helps,
Ed

Re: Crons

Keven Jones — Thu, 01 Jul 1999 10:45:16 GMT

I am not sure if what you are trying to do requires you to run the job under
the users profile. One thing you could do is use root's crontab and setup the
job to su to the user and execute whatever needs to be executed and then exit
the shell. Hope this helps you...

Re: Crons

Michelle Boyle_1 — Fri, 02 Jul 1999 09:21:23 GMT

Have you tried su - then crontab -e to create the cron file for
that user?

Re: Crons

Jim Rudge — Mon, 05 Jul 1999 07:47:10 GMT

Its really a case of do you trust them? and by how much !

Personally, I wouldn't let a user run a cron job other than under their own
uid. Security hacks can involve set uid
where user hijacks a higher uid (e.g. root)
I may offer to run a cron job for them and output the result to their user
account, after carefully looking at their script to see if it compromises
security.
You don't want to run a job and find out their script listed
out valuable tables !!
Take a look at ACL (Access Control Lists), they may help.
If you're talking database tables then I'm lost.
Difficult to offer a general solution ...... good luck.

Re: Crons

Jakes Louw_2 — Tue, 06 Jul 1999 02:07:02 GMT

Anthony

Maybe give us a bit more detail (that is if your problem still
exists): what does this guy/user want to execute from cron?
Isn't it perhaps a command restricted for use by root?

Re: Crons

James K. Milward_1 — Tue, 05 Oct 1999 11:14:49 GMT

add the user to /var/adm/cron/at.allow AND /var/adm/cron/cron.allow. Using
TextEditor or vi

Then login as that person (or root) and setup the cronjob.