Operating System - HP-UX

Re: non-root user cannot edit its own (existing) crontab

 
F. X. de Montgolfier
Valued Contributor

non-root user cannot edit its own (existing) crontab

Hello,

I have a HP-UX11.0 system with 3 users set in cron.allow.
As root, I can crontab -e without any problem, and the crontab is executed.
As , though, "crontab -l" doesn't show anything, "crontab -e" doesn't allow me to edit my crontab and "crontab file" doesn't overwrite the crontab.

The user _must_ be able to change its crontab. Does anybody know what may be the cause of this?
All unnecessary inetd services have been closed due to security requirements. May one of the "superfluous" services be in fact needed? If so, how come root can use the crontab?

Regards,

François-Xavier
Rodney Hills
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

Could be a permissions/ownership issue. As root, try removing the /usr/spool/cron/crontabs/USER file. Then log on as USER and use "crontab file" to create the crontab entry.

HTH

-- Rod Hills
There be dragons...
Christopher McCray_1
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

Hello,

Was the crontab originally created by root? What is the ownership of the crontabs in question?

What I would do is this:

as root

# crontab -l > cron.out
# chown : cron.out

Then as the user:

$ crontab cron.out

See if this works

Hope this helps

Chris
It wasn't me!!!!
Frank Slootweg
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

> As , though, "crontab -l" doesn't show anything, "crontab -e"
> doesn't allow me to edit my crontab and "crontab file" doesn't overwrite the crontab.

For each of these three scenarios, which (error) message(s) do you get?
Jean-Louis Phelix
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

hi,

It's possible to create crontab files for a given user even if this user is not allowed to use cron. Have a look at 'man crontab' for an explanation about crontab.allow and crontab.deny files.

Regards.

PS : in this case messages should be kind of "crontab: you are not authorized to use cron. Sorry."
It works for me (© Bill McNAMARA ...)
F. X. de Montgolfier
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Hi,

some precisions:

- the cron.allow file is correct, so the user should be able to use crontab.
- when removing the crontab of the user (as root), the user still cannot use the crontab command.
- I tried chmod -r 777 /var/spool/cron/crontabs to see if there would be any changes. There aren't any (and yes, I _did_ put back the correct rights afterwards ;-))
- there are no error messages
- the return code of calls to the crontab is 0

What I truly don't understand is that root can call crontab correctly, but not the other users. I'd think it was a problem of crontab not being able to call vi, but then why would it work for root?

Cheers,

François-Xavier
Frank Slootweg
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

I advise to temporarily:

- Remove/rename /var/adm/cron/cron.allow
*and*
- Make an *empty*, i.e. 0 bytes, /var/adm/cron/cron.deny

That way, all non-root users should be able to use crontab(1) (see the crontab(1) manual page).

If that works, work from there.
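
The access rule from crontab(1) that the suggestion above relies on, as an added example that is not part of the original thread: a shell function that evaluates cron.allow and cron.deny for one user. The function names, the exact whole-line matching and the demo user name are assumptions of the example.

```shell
#!/bin/sh
# Added example: reproduce the crontab(1) access decision.
# Default paths are the HP-UX locations named in the thread.

# listed FILE USER: succeed if USER is an exact whole line of FILE.
# Exact matching is an assumption of this sketch, so an entry with
# trailing blanks or a CR counts as "not listed".
listed() {
    grep -Fqx -- "$2" "$1"
}

# cron_access USER [ALLOW_FILE] [DENY_FILE]
# Prints "allowed: ..." or "denied: ..."; returns 0 only if allowed.
cron_access() {
    user=$1
    allow=${2:-/var/adm/cron/cron.allow}
    deny=${3:-/var/adm/cron/cron.deny}

    # 1. cron.allow exists: only users listed in it may use crontab.
    if [ -f "$allow" ]; then
        if listed "$allow" "$user"; then
            echo "allowed: listed in $allow"; return 0
        fi
        echo "denied: $allow exists and does not list $user"; return 1
    fi
    # 2. No cron.allow: cron.deny decides; an empty file denies nobody.
    if [ -f "$deny" ]; then
        if listed "$deny" "$user"; then
            echo "denied: listed in $deny"; return 1
        fi
        echo "allowed: no cron.allow, not listed in $deny"; return 0
    fi
    # 3. Neither file exists: only root may submit jobs.
    if [ "$user" = root ]; then
        echo "allowed: neither file exists, root only"; return 0
    fi
    echo "denied: neither file exists, root only"; return 1
}

# Constructed demo: the temporary setup described above
# (cron.allow absent, cron.deny empty) for a hypothetical user.
tmp=$(mktemp -d)
: > "$tmp/cron.deny"
cron_access someuser "$tmp/cron.allow" "$tmp/cron.deny"
rm -rf "$tmp"
```

Run it as root against the real files so that both are readable; a "denied" result for a user who appears in cron.allow points at the entry itself (whitespace, line endings) rather than at cron.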
Sridhar Bhaskarla
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

Hi,

I know it doesn't make sense, but it is Microsoft's idea.

Stop the cron. /sbin/init.d/cron stop
Remove the user files
mv /var/spool/cron/crontabs/USER /somewhere
Start the cron. /sbin/init.d/cron start
As a USER do, crontab -e

and see if it allows.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
F. X. de Montgolfier
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Thanks for all the answers. I have to go onsite to have access to the system, thus will not be able to test the solutions and assign points before next Thursday, but thanks for the help!

François-Xavier
F. X. de Montgolfier
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Okay, some updates:

I tried all of the above solutions, thinking that maybe I had not tried one, but so far no luck...

An additional precision: because of security issues, our server is configured with only 4 ports open:
port 22 is used for ssh connections
ftp, login and shell ports are restricted to localhost (using inetd.sec).
I would say this is the problem, but then why is root still able to use crontab -e?

Cheers,

FiX
U.SivaKumar_2
Honored Contributor

Re: non-root user cannot edit its own (existing) crontab

Hi,

Do this as root. Problem will be solved.

#chmod +s /bin/crontab

regards,
U.SivaKumar
Innovations are made when conventions are broken
F. X. de Montgolfier
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Hi,

I really thought chmoding might be the solution. Unfortunately, no luck either...
My next try will be to try removing the inetd.sec file, and check whether crontab works again, but I have to unplug the computer from the network before being allowed to do so... I'll post again to the thread once I've tried it.

Cheers,

FiX
F. X. de Montgolfier
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Okay, last status for this problem is the following one:

The user still cannot use crontab. But if I add another non-root user of the same group in the cron.allow file, everything works properly.
I created a new user, copied the profile files from the old user to the new, and checked that the new user could use crontab: it could...

In the end, I copied all the user's files to the new user, chowned them appropriately, checked that there was no problem with the new user, and destroyed the old one (after a backup, I may be stupid but I'm not _totally insane_ ).

I still don't have _any_ idea of why the old user could not use crontab, though...

FiX
Judy Traynor
Valued Contributor

Re: non-root user cannot edit its own (existing) crontab

Maybe it's too late now - but check the value of the user's UMASK -

Could be the user had this set so that he masked himself/herself out of the file once it was originally written.
Sail With the Wind