drop root for crontab
Bug #1560744 reported by
Steven Dake
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
crontab runs as root. I think it is possible in the kolla use case to run cron for logrotate as a non-root user.
Four things need to happen:
/run needs to be mode 775 and owned by kolla (to permit writing of the pid file).
crontab needs to run as the kolla user and group
crontab needs to use sudo to logrotate
logrotate needs to be added to the sudoers file for cron
no longer affects: | kolla/mitaka |
Changed in kolla: | |
assignee: | Steven Dake (sdake) → nobody |
milestone: | newton-1 → newton-2 |
Changed in kolla: | |
milestone: | newton-2 → newton-3 |
Changed in kolla: | |
milestone: | newton-3 → occata-1 |
Changed in kolla: | |
milestone: | ocata-1 → ocata-2 |
Changed in kolla: | |
milestone: | ocata-2 → ocata-3 |
Changed in kolla: | |
milestone: | ocata-3 → ocata-rc1 |
Changed in kolla: | |
milestone: | ocata-rc1 → pike-1 |
Changed in kolla: | |
importance: | Critical → Medium |
To post a comment you must log in.
After changing /run to 777:
[sdake@minime-03 cron.d]$ crond -n
setuid: Operation not permitted