Bug #781
Cannot install non-root crontab on Solaris
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Luke Kanies |
% Done: | 0% |
|
| Category: | - | |||
| Target version: | 0.24.0 | |||
| Affected Puppet version: | 0.25.4 | Branch: | ||
| Keywords: | ||||
| Votes: | 0 |
Description
Today we have discovered that you can not install a crontab for a user other than root on solaris; regardless of whether you specify a user in the type or not. It looks like there is nothing specifically wrong with the cron provider itself, but have maybe tracked it down to the :suntab filetype, and how it is manipulated.
In puppet/util/filetype.rb, there is a new file type “:suntab” defined, which is used in provider/cron/crontab.rb for Solaris. To read, remove, and write the crontabs, it invokes something similar to :
Puppet::Util::SUIDManager.asuser(@path) {
%x{crontab -l 2>/dev/null}
}
As by design in SUIDManager, this changes the euid to the appropriate user (captured by modifying the commands passed); but, it doesn’t appear to be sufficient, as all the commands are still executed as root. Owing to the way the :suntab filetype is used, it’s dependent on being able to run crontab as the target user’s user to install to the correct crontab, which fails, and this effectively results in you adding all crontab entries to root’s crontab regardless of the user.
History
Updated by Luke Kanies over 4 years ago
- Status changed from 1 to Closed
- 7 set to fixed
Hopefully fixed in [1e6ba6f].
Please file this upstream with sun, though — crontab shouldn’t ignore EUID.