drop root for crontab
Bug #1560744 reported by
Steven Dake
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kolla |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
crontab runs as root. I think it is possible in the kolla use case to run cron for logrotate as a non-root user.
Four things need to happen:
/run needs to be mode 775 and owned by kolla (to permit writing of the pid file).
crontab needs to run as the kolla user and group
crontab needs to use sudo to logrotate
logrotate needs to be added to the sudoers file for cron
Revision history for this message
| Steven Dake (sdake) wrote | #1 |
| Changed in kolla: | |
| assignee: | nobody → Steven Dake (sdake) |
| milestone: | none → newton-1 |
| importance: | Undecided → Critical |
| status: | New → Confirmed |
Revision history for this message
| Steven Dake (sdake) wrote | #2 |
Revision history for this message
| Steven Dake (sdake) wrote | #3 |
| no longer affects: | kolla/mitaka |
| Changed in kolla: | |
| assignee: | Steven Dake (sdake) → nobody |
| milestone: | newton-1 → newton-2 |
| Changed in kolla: | |
| milestone: | newton-2 → newton-3 |
| Changed in kolla: | |
| milestone: | newton-3 → occata-1 |
| Changed in kolla: | |
| milestone: | ocata-1 → ocata-2 |
| Changed in kolla: | |
| milestone: | ocata-2 → ocata-3 |
| Changed in kolla: | |
| milestone: | ocata-3 → ocata-rc1 |
| Changed in kolla: | |
| milestone: | ocata-rc1 → pike-1 |
| Changed in kolla: | |
| importance: | Critical → Medium |
Revision history for this message
| Duong Ha-Quang (duonghq) wrote | #4 |
| Changed in kolla: | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
After changing /run to 777:
[sdake@minime-03 cron.d]$ crond -n
setuid: Operation not permitted