"updatedb" cron job: test if called by root

Bug #147911 reported by Daniel Hahler on 2007-10-02
Affects Status Importance Assigned to Milestone
findutils (Ubuntu)

Bug Description

Binary package hint: findutils

If you call findutils' /etc/cron.daily/find as normal user, you'll get no error, but a prompt from "su", which gets called. The label text for the "su" prompt get suppressed, so this is quite confusing, if you call the script (out of curiosity) with your normal user.

If you remove "2>/dev/null" from the call of updatedb, you'll see this:
$ LANG=C /etc/cron.daily/find
rm: cannot remove `/var/cache/locate/locatedb.n': Permission denied
su: must be run from a terminal
/usr/bin/updatedb: 310: cannot create /var/cache/locate/locatedb.n: Permission denied
su: must be run from a terminal

I'd add a check for user==root at the top of the script (debian/find-cron.daily), like:
# Only allow root to start (preventing "su" prompt, where the label text has been suppressed)
if [ "$(id -u)" != "0" ]
  echo "You must be root."
  exit 1

Related branches

Kees Cook (kees) wrote :

Normally, things in /etc/cron* shouldn't be run by regular users. I have marked this as a "wishlist" item. If you can prepare a patch for it, perhaps we can add it for Hardy? Thanks!

Changed in findutils:
importance: Undecided → Wishlist
status: New → Confirmed
Daniel Hahler (blueyed) wrote :
Changed in findutils:
status: Confirmed → Triaged
Daniel Holbach (dholbach) wrote :

Sorry, bug spam necessary because of bug 176085.

This bug has a patch attached, which needs review and sponsoring.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package findutils - 4.2.31-4ubuntu1

findutils (4.2.31-4ubuntu1) hardy; urgency=low

  [ Soren Hansen ]
  * Merge from debian unstable. All changes adopted by Debian.

  [ dAniel hAhler ]
  * debian/locate-cron.daily: test if called by root (LP: #147911)

 -- Soren Hansen <email address hidden> Wed, 16 Jan 2008 13:08:39 +0100

Changed in findutils:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers