crontab Daemon-from-Hell

Robert J. Granvin rjg at sialis.mn.org
Sun Jun 4 14:37:45 AEST 1989 

I write, in response...

>>>	cd /usr/spool/uucppublic
>>>	find . -type f -mtime +30 -exec rm -f {} \;
>>
>>This is dangerous if run as root.  If anything - disk error, anything - 
>>happens to make /usr/spool/uucppublic unavailable, you will wipe your
>>file structure.
>
>??
>
>/usr/spool/uucppublic is not a required nor integral part of the
>system, filesystem, file structure or even UUCP.

Bleah.

I'll admit two things...

1/ The previous article was not written clearly.  The specific problem
was not actually mentioned (or made clear), however

2/ I did not consider the situation close enough.  As was pointed out
to me:

Bob, he didn't say it explicitly but I think his point was that if the
`cd` failed, the `find` could run on whatever the current directory is.
If this is "/", then everything older than 30 days which the script's
permissions can delete is gone...if run as root then ____.

>> 3) Safest of all, and what I do - put this stuff in uucp's cron rather
>>	than root's at all.  It's also OK to let the root cron entry do an
>>	'su uucp' first.  
>
>This is the way it is intended and supposed to be.  Never run things
>from root that aren't necessary.  If your permissions and ownerships
>are set correctly, root will not be necessary for cleaning up uucp.

The original points were actually correct.  But to add onto it, many
of you will notice that / has permissions of 777.  Even a misfed cron
as uucp might cause serious damage.  Running as uucp instead of root
would do little to contain the damage.  (This applies elsewhere as
well).

Fortunately however, for this example, the damage would _probably_ be
contained to just uucp and related directories.  But that's by no
means guaranteed.

-- 
________Robert J. Granvin________   INTERNET: rjg at sialis.mn.org
____National Computer Systems____   CONFUSED: rjg%sialis.mn.org at shamash.cdc.com
__National Information Services__       UUCP: ...uunet!rosevax!sialis!rjg
                 "Exxon: Our gasoline contains no sea water"

More information about the Unix-pc.general mailing list