freebsd-skq/etc
yar 333d04678d Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
..
bluetooth Correct BD_ADDR entry for "Dummy" device in the default hcsecd.conf. 2006-05-18 17:53:49 +00:00
defaults Add a new rc.conf variable, sendmail_rebuild_aliases, which tells 2007-06-12 17:33:23 +00:00
etc.amd64 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
etc.arm Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
etc.i386 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
etc.ia64 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
etc.powerpc Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
etc.sparc64 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
gss Add a new extensible GSS-API layer which can support GSS-API plugins, 2005-12-29 14:40:22 +00:00
isdn Two years ago, in rev. 1.12, a typo slipped in etc/isdn/Makefile: 2006-03-07 09:53:11 +00:00
mail Finish adding _dhcp user. 2005-06-07 03:41:20 +00:00
mtree s/tabs/spaces/ 2007-06-01 18:53:36 +00:00
namedb In accordance with my intentions announced (and not objected to) 2005-09-05 13:42:22 +00:00
pam.d Add PAM support to cron(8). Now cron(8) will skip commands scheduled 2007-06-17 17:25:53 +00:00
periodic o Install 480.status-ntpd. 2007-05-14 17:34:59 +00:00
ppp Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-19 17:12:56 +00:00
rc.d Add a new rc.conf variable, sendmail_rebuild_aliases, which tells 2007-06-12 17:33:23 +00:00
root Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
sendmail Use new OSTYPE(freebsd6). 2005-06-14 02:25:17 +00:00
amd.map Switch default proto to TCP. 2006-11-06 01:42:11 +00:00
apmd.conf
auth.conf
cached.conf - Extend the nsswitch to support Services, Protocols and Rpc 2006-04-28 12:03:38 +00:00
crontab
csh.cshrc
csh.login Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
csh.logout
devd.conf There can be many reasons of VDEV failures, so log type as well. 2007-04-08 16:05:23 +00:00
devfs.conf Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
dhclient.conf
disktab Replace duplicate and not quite accurate capabilities 2006-10-14 16:39:03 +00:00
fbtab
freebsd-update.conf Add FreeBSD Update 2.0 client code. The build code is in the projects 2006-08-31 09:51:34 +00:00
ftpusers Finish adding _dhcp user. 2005-06-07 03:41:20 +00:00
gettytab Add autologin entries (al.NNN) for higher console speeds. 2006-04-11 09:54:23 +00:00
group Create group ftp by default. This is gid 14 as this is the historical 2007-06-11 18:36:39 +00:00
hosts
hosts.allow Comment out lines that use example addresses and example.com names so 2006-08-29 09:20:48 +00:00
hosts.equiv
hosts.lpd
inetd.conf Re-add lukemftpd. It has: PAM, MAC, per-class nologin files, 2006-08-31 17:15:10 +00:00
libalias.conf Fix a regression: let natd load libalias modules before /usr is mounted 2006-10-08 14:02:00 +00:00
login.access Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
login.conf Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
mac.conf
Makefile Summer of Code 2005: improve libalias - part 1 of 2 2006-09-26 23:26:53 +00:00
man.alias
master.passwd Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
minfree
motd
netconfig
netstart Remove reference to no longer existant /etc/rc.d/pccard. 2006-05-30 02:10:01 +00:00
network.subr Do not attempt to load the kernel module when checking if an interface exists. 2007-05-23 00:18:44 +00:00
networks
newsyslog.conf - Update etc/rc.d/newsyslog to FreeBSD standards and install it. 2005-03-02 00:40:55 +00:00
nls.alias
nscd.conf - Extend the nsswitch to support Services, Protocols and Rpc 2006-04-28 12:03:38 +00:00
nsmb.conf
nsswitch.conf Install /etc/nsswitch.conf statically rather than generating it at 2006-05-03 15:14:47 +00:00
opieaccess
pccard_ether Disable IPv6 configuration for interfaces in pccard_ether_start(). 2006-12-08 15:48:42 +00:00
pf.conf Document the user/group LOR in our sample pf.conf 2006-01-27 17:16:20 +00:00
pf.os Synchronize pf.os with OpenBSD. 2006-10-23 05:09:44 +00:00
phones Kill the default phone numbers. 2006-08-31 21:13:12 +00:00
portsnap.conf Add a warning pointing out that incomplete ports trees are not 2006-01-18 03:40:57 +00:00
printcap Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
profile Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
protocols Update /etc/protocols with IANA list updated 2007-02-12 2007-05-20 03:55:22 +00:00
rc Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal 2007-04-02 22:53:07 +00:00
rc.bsdextended Clean up, comment out non-base utilities, fix up comments. 2006-04-22 11:02:44 +00:00
rc.firewall s/IPFW(4)/ipfw(4) to match the actual man page name. 2007-04-05 10:44:25 +00:00
rc.firewall6 Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts. 2006-05-12 19:17:34 +00:00
rc.initdiskless - put some common code in a function handle_remount(); 2006-12-03 23:50:29 +00:00
rc.resume
rc.sendmail
rc.shutdown Introduce startup scripts from the local_startup directories to 2005-12-02 20:06:07 +00:00
rc.subr Be robust to a bogus script specification or contents 2007-06-04 11:39:35 +00:00
rc.suspend
remote Reflect sio driver device name change cuaa -> cuad 2004-10-13 08:32:34 +00:00
rpc Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
services Bring the well known ports of /etc/services into sync with the IANA 2007-05-20 03:31:52 +00:00
shells
snmpd.config o Fix a comment: refer to the write community name by the OID not by 2006-12-31 11:19:48 +00:00
sysctl.conf
syslog.conf Fix a terrible braino in last commit. Put kern.debug back to /var/log/messages 2005-03-12 12:31:16 +00:00
termcap.small Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00