Closed thomasfowler closed 8 years ago
What were the permissions before minicron changed them? I thought it defaulted to root:root so it wouldn't be able to edit the crontab at all.
The permissions were root:root before the edit and set to 664 so that the agent could edit the file.
Minicron user was/is a member of the root group and as such could edit the file.
What about executing the crontab edit with a sudo rather than as the user the agent is running as? Then the crontab permissions could be left as 644, which I believe is the correct setup, and ownership etc remains unchanged?
Sent from my iPhone
On 19 Nov 2014, at 8:07 PM, James White notifications@github.com wrote:
What were the permissions before minicron changed them? I thought it defaulted to root:root so it wouldn't be able to edit the file at all.
— Reply to this email directly or view it on GitHub https://github.com/jamesrwhite/minicron/issues/109#issuecomment-63685058.
Maybe #74 will help to define a workaround about permissions on this kind of host. I have the same concern about users permissions / root.
Shouldn't be an issue now given https://github.com/jamesrwhite/minicron/pull/180
Due to a number of reasons, in our environment, minicron can neither run as root nor connect to the servers to be monitored via ssh as root.
As such, I have created a minicron user that has all of the requisite permissions on the client server for the agent to run as well as for it to edit the /etc/crontab file.
However, when the edit is made, the owner and group of the file is set to minicron:minicron thus breaking all cron jobs.
We are running Debian 7 Wheezy Backports