144 Commits

Author SHA1 Message Date
yar
333d04678d Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
will
03b6c30cc0 Fix a bug where HOME was not allowed to be overridden by an user's crontab
as crontab(5) states it can be.  This is supported by all vixie-cron derived
implementations; not sure why FreeBSD was any different.

PR:		bin/106442
MFC after:	2 weeks
2007-03-08 07:00:42 +00:00
brian
5a857cb91f Behave as documented when reading fields saying "X/Y" where X != *
rather than mis-parsing them as "X".

MFC after: 1 day
2006-09-26 18:06:09 +00:00
ru
27ee15c183 Use a #define to refer to /etc/crontab. 2006-09-03 17:52:19 +00:00
stefanf
372c92d219 Don't use "implicit int". Move the opening { of the functions to the next
line while there.
2006-07-20 09:11:08 +00:00
maxim
2ee476dd47 o Finally learn how to spell "privileges".
English trainer:	ceri
2006-06-11 21:13:49 +00:00
maxim
5ec37c2386 o Spell "privledges" correctly. Re-style comment. 2006-06-11 20:17:18 +00:00
maxim
e66637299e o Better be safe than sorry: check return code from setuid(2),
setgid(2), setlogin(2) and initgroups(3).  In theory they could
fail for root with some third party mac(4) policies.

Submitted by:	Kostik Belousov
MFC after:	1 month
2006-06-01 15:03:06 +00:00
brooks
81ed190221 /etc/crontab is similar enough to parse as correct if you run
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab.  Users wishing shoot their foot in
this manner may copy /etc/crontab elsewhere. :)

MFC After:	1 week
2006-01-10 05:56:32 +00:00
pjd
c71407b589 Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by:	green
2005-09-16 11:24:28 +00:00
pjd
45a889ae7c Use pidfile(3) in cron(8).
Note, that when cron(8) cannot create pidfile, it'll exit. I didn't
changed this behaviour, but its better to ignore errors other than
EEXIST, so daemon can be started on systems where /var/ file system
doesn't support locking (like NFS without rpc.lockd(8)).
2005-08-24 17:51:36 +00:00
brueffer
a4887954f7 Mention the default value of PATH and that it may be overridden.
Submitted by:	Roman Divacky
MFC after:	3 days
2005-07-31 13:41:23 +00:00
des
2bb8de20fe Remove kludges intended to support src trees with partial obj trees.
Discussed with:	ru
2005-06-10 06:12:53 +00:00
delphij
1fdabdab98 Fix parsing of '0' and non-alphanumerics in steps. Previously, an
entry having stepping value of zero can cause crontab to hang there,
and if the main crontab is being changed in this way, then cron(8)
will keep spining.

Obtained from:	OpenBSD [src/usr.sbin/cron/entry.c,v 1.17]
PR:		68683 (my own, but forgot to commit it...)
MFC After:	1 week
2005-02-14 14:09:21 +00:00
ru
6b6b8c04f6 Expand contractions. 2005-02-13 23:45:54 +00:00
ru
1541af42f1 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
stefanf
b830d90adc Properly initialise the variable `deny'. 2005-02-09 13:02:43 +00:00
ru
c05985f13f Sort sections. 2005-01-18 20:02:45 +00:00
ru
f0fbc30e0d Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
dds
19e905d90f Ensure that edits that do not span a clock tick are not lost.
PR:	bin/22612
MT5:	4 weeks
MT4:	2 weeks
2004-09-14 19:01:19 +00:00
dds
24d594eda7 Refactoring: move two similar code blocks into a seprate function. 2004-09-13 21:04:30 +00:00
dds
0caca34c52 Fix for the following behavior:
$ crontab -e
[Add an entry with an error in the crontab file.]
crontab: errors in crontab file, can't install
Do you want to retry the same edit? yes
[Exit the editor without any changes.]
crontab: no changes made to crontab
[Entry is lost.]

Now crontab will loop until the error is fixed, or the
user answers no.
2004-09-13 18:39:04 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
ru
99db664fda Trim whitespace at EOL. 2004-06-04 19:24:21 +00:00
ru
3d43f7de86 Markup nits. 2004-06-04 19:23:12 +00:00
yar
ae09cae939 Add two new options to cron(8), -J and -j. They allow to specify
the maximum amount of time jitter for root and other users, respectively.
Before starting a job, cron(8) will sleep a random number of seconds,
from 0 to the amount specified.  This can help to smooth down load spikes
when a lot of jobs are to start at the beginning of a particular minute
(e.g., the first minute of an hour.)

PR:		bin/66474
Submitted by:	Dmitry Morozovsky <marck <@> rinet.ru>
2004-05-16 19:29:33 +00:00
trhodes
fe6ec445c7 Eliminate hard sentence breaks.
General markup fixes (use the .Dq macro).
2004-03-04 19:12:27 +00:00
trhodes
17c8306530 Discuss the 'MAILTO' option.
PR:		58783
Submitted by:	Marc Silver <marcs@draenor.org>
2004-01-12 20:20:29 +00:00
harti
0d82acd1ef Mention the fact that our crontab is not fully POSIX.2 conform, because
it doesn't allow the dangerous variant of calling it without any
argument.
2003-10-24 13:02:39 +00:00
silby
565718980b Fix a coredump that would occur when fdopen was unable to
return a valid fd.

PR:		49096
Submitted by:	demon
MFC after:	3 days
2003-06-19 20:04:51 +00:00
thomas
8638b961ca Allow inner whitespace in the right-hand side of an environment variable
assignment even if it is not quoted (as advertised by the man page).
This fixes a regression wrt RELENG_4 introduced in rev. 1.11.

Problem noted and patch tested by:	CHOI Junho <cjh@kr.FreeBSD.org>
Reviewed by:		roberto
2003-02-10 11:20:58 +00:00
schweikh
fec6546e12 english(4) police. 2002-12-27 12:15:40 +00:00
dd
2d81e48acc Actually use the exitstatus value that we maintain.
PR:		43562
Submitted by:	Marc Olzheim <marcolz@ilse.nl>
2002-10-01 22:59:11 +00:00
tjr
9cfc3cad44 Never allow a user to use crontab if opening /var/cron/{allow,deny} fails
for any reason other than ENOENT (think resource limits). Close allow and
deny files before allowed() returns to stop the user's EDITOR being able to
read them.

Obtained from:	OpenBSD (partially)
2002-08-04 04:32:27 +00:00
charnier
d2168fe021 The .Nm utility 2002-07-14 14:47:15 +00:00
roberto
9ace91bc72 load_env(), the function that attempts to parse a crontab
line as an environment variable assignment, is broken
and not conformant to its description in the manual page.

I think it is worthwhile to have that fix in 4.6.

PR:             bin/38374
Submitted by:   Thomas Quinot <thomas@cuivre.fr.eu.org>
MFC after:      2 days
2002-05-23 13:16:30 +00:00
ru
46bb8fed43 Mark all internal libraries with INTERNALLIB. 2002-05-13 11:24:03 +00:00
charnier
fdbc3fd42a Use `The .Nm utility' 2002-04-20 12:27:18 +00:00
dwmalone
8e0ca659ca Only remove the '\n' at the end of a line if there is one.
I missed this as part of the fix to the PR below.

PR:		31265
Submitted by:	Matthew D. Fuller <fullermd@over-yonder.net>
MFC after:	1 week
2002-04-10 22:01:37 +00:00
keramida
4f1d815552 Be a bit more verbose. "modtime" means nothing.
"modification time" is a lot better.

MFC after:      3 days
2002-03-24 00:56:38 +00:00
keramida
3dcdc645eb Grammar fix: "When at least one of the fields .. matches ...".
MFC after:      3 days
2002-03-24 00:48:07 +00:00
dwmalone
81e7919936 Describe the format of the allow and deny files. This is more-or-less
the patch Matthew submitted, but I broke the lines in a more FreeBSD
way and made one small wording change.

PR:		31265
Submitted by:	Matthew D. Fuller <fullermd@over-yonder.net>
MFC after:	3 weeks
2002-03-17 14:03:17 +00:00
bbraun
580cee0675 Make cron actually build without defining LOGIN_CAP.
Reviewed by: jkh
2002-02-06 02:00:07 +00:00
ru
1b66cb96c7 Document the -x debugging option.
PR:		docs/33784
Submitted by:	Mike Makonnen <mike_makonnen@yahoo.com>
2002-01-16 14:12:02 +00:00
mikeh
5173ef4080 Fix the @monthly and @weekly shortcuts so that they actually run
monthly and weekly, respectively. Also fix the @yearly shortcut so
that it doesn't execute daily during January. OpenBSD and NetBSD also
appear to have this bug.

PR:		bin/21152
2001-08-16 14:23:59 +00:00
ru
24c7b0a61d mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
ru
7221cd94bd mdoc(7) police: fixed the "new sentence" bogons. 2001-08-10 15:03:10 +00:00
billf
6cfdb0f461 fix misspelling introduced in rev 1.14 (sames as -> same as) 2001-07-25 04:13:01 +00:00
davidn
011fe38c96 Fix a possible NULL reference that would be triggered
by invalid input in /etc/crontab.

MFC after:	2 days
2001-07-20 06:46:48 +00:00