Date: Sun, 12 Apr 1998 18:21:54 +0400 From: =?koi8-r?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> To: "Jordan K. Hubbard" <jkh@time.cdrom.com>, committers@FreeBSD.ORG Subject: Re: Craig Leres: problems with cron and FreeBSD login classes Message-ID: <19980412182154.41014@nagual.pp.ru> In-Reply-To: <28136.892372689@time.cdrom.com>; from jkh@time.cdrom.com on Sun, Apr 12, 1998 at 02:18:09AM -0700 References: <28136.892372689@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 12, 1998 at 02:18:09AM -0700, Jordan K. Hubbard wrote: > The user is news and the login class is news. Anyway, this seems silly > to me; you've already got the login class in the password file, why not > use it instead of replicating this info in the crontab file? > > Appended is the minimal patch I made to cron/do_command.c. The idea is > to use the login class from the password file; if there isn't one in > the password file, use RESOURCE_RC (daemon). Does this change look > reasonable? Should the default just be the "default" login class? > Should it be possible to override the login class in the crontab? Let > me know what sounds reasonable and I'll submit a more complete patch. The same words are true for inetd too. This patch takes us just back to previous broken variant. See CVS notes why this variant is implemented over old one you suggest. In few words login classes have restrictions which prevents cron/inetd to do some work under particular user. Live example is "nobody" user abused by Apache. If you _want_ restrictions, use "user/class" semantics. -- Andrey A. Chernov http://www.nagual.pp.ru/~ache/ MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980412182154.41014>