cvs commit: src/etc/pam.d Makefile cron src/usr.sbin/cron/cron Makefile cron.8 cron.h database.c do_command.c src/usr.sbin/cron/lib Makefile entry.c

Yar Tikhiy yar at FreeBSD.org
Sun Jun 17 17:25:53 UTC 2007


yar         2007-06-17 17:25:53 UTC

  FreeBSD src repository

  Modified files:
    etc/pam.d            Makefile 
    usr.sbin/cron/cron   Makefile cron.8 cron.h database.c 
                         do_command.c 
    usr.sbin/cron/lib    Makefile entry.c 
  Added files:
    etc/pam.d            cron 
  Log:
  Add PAM support to cron(8).  Now cron(8) will skip commands scheduled
  by unavailable accounts, e.g., those locked, expired, not allowed in at
  the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
  This applies to personal crontabs only, /etc/crontab is unaffected.
  
  In other words, now the account management policy will apply to
  commands scheduled by users via crontab(1) so that a user can no
  longer use cron(8) to set up a delayed backdoor and run commands
  during periods when the admin doesn't want him to.
  
  The PAM check is done just before running a command, not when loading
  a crontab, because accounts can get locked, expired, and re-enabled
  any time with no changes to their crontabs.  E.g., imagine that you
  provide a system with payed access, or better a cluster of such
  systems with centralized account management via PAM.  When a user
  pays for some days of access, you set his expire field respectively.
  If the account expires before its owner pays more, its crontab
  commands won't run until the next payment is made.  Then it'll be
  enough to set the expire field in future for the commands to run
  again.  And so on.
  
  Document this change in the cron(8) manpage, which includes adding
  a FILES section and touching the document date.
  
  X-Security: should benefit as users have access to cron(8) by default
  
  Revision  Changes    Path
  1.16      +1 -0      src/etc/pam.d/Makefile
  1.1       +9 -0      src/etc/pam.d/cron (new)
  1.16      +4 -4      src/usr.sbin/cron/cron/Makefile
  1.25      +25 -2     src/usr.sbin/cron/cron/cron.8
  1.17      +1 -0      src/usr.sbin/cron/cron/cron.h
  1.9       +2 -2      src/usr.sbin/cron/cron/database.c
  1.27      +46 -0     src/usr.sbin/cron/cron/do_command.c
  1.8       +1 -1      src/usr.sbin/cron/lib/Makefile
  1.19      +2 -0      src/usr.sbin/cron/lib/entry.c


More information about the cvs-src mailing list