It is possible, and probable based on my read of this thread that the permissions on the crontab files manually got out of whack.
I'm no expert on 10.20, though I used it as a part time admin for a while.
Got some bad news for your security group.
Proper permissions on crontab files on 11.11
-r-------- 1 root dba 3571 Oct 8 11:16 oracle
-r-------- 1 root sys 7633 Oct 2 11:10 root
-r-------- 1 root sag 1463 Sep 24 11:09 sag
Note root owns it, but the group is the primary group of the user that should own it.
I did not modify the permissions on this file.
I have found over the years that messing around with permissions on certain files is a recipe for overnight work. It might be fine to change the permissions on those files, and Michael's practices are good, should be followed.
It might be fine to put platinium tip spark plugs in my Truck. It might make me more secure because I can get away from criminals faster. But... It might damage the engine. Bad analogy, but its been a long day.
It might have an unintended nasty effect as well.
Sometimes the default permissions on files are bad. In this case, the permissions are very tight, the crontab -e command lets you access them as the user involved.
With my usual lack of subtley, your security people, do they know Unix? Why are the mandating this change? Does it make sense?
If not in this case these questions may need to be asked in other mandated standards.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
