Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2001 11:20 AM
01-04-2001 11:20 AM
root instead of the username. This way it is easier to keep an eye on. We have one machine and the only user who needs a cronjob.
I was wondering if it is bad form to have the job run as root instead of the username. The cronjob is not related to the OS. Just an application job that prints several reports.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2001 11:29 AM
01-04-2001 11:29 AM
Re: Cron
Well, to read the execution output (cron has mailed it to root) you will have to be root, to change the schedule you would have to be root...
the best is to create an operator uid=> like oper like that you could give the passwd of oper to who is in charge of the job...
Like that youre on the safe side...
all the best
Victor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2001 11:46 AM
01-04-2001 11:46 AM
SolutionIf a task doesn't need to run as 'root', then don't cron it from root. This is especially true if root isn't the owner of the script!!!
From a security, accounting, and management standpoint don't clutter root's crontab with anything that doesn't need to be there.
A middleground would be to use: 'su -
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2001 07:14 PM
01-06-2001 07:14 PM
Re: Cron
Just keep in mind that if the user has write permition for that script he can modify the script the way he wants ( rm -r * for example) and the script will be run with root rights. Just imagine what can happen....
I would use su -l user -c script_name
Ovidiu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2001 10:18 AM
01-07-2001 10:18 AM
Re: Cron
Ovidiu is has hit the nail on the head.
Never Never give a user this amount of power.
It is quite feasible that this user may one day wish to clean up these jobs and put a rm -r * in their script.
This user, scripting with this power can ftp out any data on the machine, copy payroll data to their own dir, create a root level entry in the passwd file, leave a software package for you if they were fired - the list is endless.
Two options come to mind: -
1. You take full control of their routine.
2. Use su in the crontab - as already mentioned.
Paula
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2001 10:04 PM
01-07-2001 10:04 PM
Re: Cron
If you want to avoid security issues you can either:
1. Let that script run in the user's crontab. This will guarantee that no harm can be done at the system level, as script will run with the user's UID.
2. Have that script in root's crontab, but run it with 'su -
In the second case, root will have full control over the job: when it runs, receive email messages....
Both will be OK at the security level.
Best regards,
Dan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2001 11:35 AM
01-09-2001 11:35 AM
Re: Cron
I am the only UNIX guy who works in our department and it helps to bounce these issues off of UNIX people.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2001 03:11 PM
01-10-2001 03:11 PM
Re: Cron
I am sure I am not alone is saying you are most welcome.
:^)
Paula
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2001 03:42 PM
01-10-2001 03:42 PM
Re: Cron
You are definitely NOT alone! The more I learn the more I realize how much I don't know; trite, perhaps, but so true. This Forum (and others) exist for ALL of us to learn and to teach. Welcome. Please come and stay.
Regards, Jim.
...JRF...