Add -p option for crontab.

Without the -p option /etc/crontab must not be writable by any
user other than root, no crontab files may be links, or linked
to by any other file, and no crontab files may be executable,
or be writable by any user other than their owner

diff --git a/cron.8 b/cron.8
index f41adee95f2b0d68cce64cb02e0b5a273159e2a0..ab47564a3455c1a4d71a9fa206616f76079811ca 100644 (file)
--- a/cron.8
+++ b/cron.8
@@ -28,6 +28,7 @@ cron \- daemon to execute scheduled commands (ISC Cron V4.1)
 .RB [ \-l
 .IR load_avg ]
 .RB [ \-n ]
+.RB [ \-p ]
 .SH DESCRIPTION
 .I Cron
 should be started from /etc/rc or /etc/rc.local.  It will return immediately,
@@ -89,11 +90,12 @@ Naturally this is not relevant if cron was built to use
 .IR syslog (3).
 .SH CAVEATS
 In this version of
-.BR cron ,
-/etc/crontab must not be writable by any user other than root.
-No crontab files may be links, or linked to by any other file.
-No crontab files may be executable, or be writable by any user
-other than their owner.
+.BR cron
+, without the -p option,
+/etc/crontab must not be writable by any user other than root,
+no crontab files may be links, or linked to by any other file,
+and no crontab files may be executable, or be writable by any
+user other than their owner.
 .SH "SEE ALSO"
 .IR crontab (1),
 .IR crontab (5),

diff --git a/cron.c b/cron.c
index 5feb1b3523f7e85acd90803ef17b792414b5c6f1..2fb27515472488dbed7826faa8eb8fe779985083 100644 (file)
--- a/cron.c
+++ b/cron.c
@@ -48,7 +48,7 @@ static void
 usage(void) {
        const char **dflags;
 
-       fprintf(stderr, "usage:  %s [-n] [-x [", ProgramName);
+       fprintf(stderr, "usage:  %s [-n] [-p] [-x [", ProgramName);
        for (dflags = DebugFlagNames; *dflags; dflags++)
                fprintf(stderr, "%s%s", *dflags, dflags[1] ? "," : "]");
        fprintf(stderr, "]\n");
@@ -434,7 +434,7 @@ static void
 parse_args(int argc, char *argv[]) {
        int argch;
 
-       while (-1 != (argch = getopt(argc, argv, "nx:"))) {
+       while (-1 != (argch = getopt(argc, argv, "npx:"))) {
                switch (argch) {
                default:
                        usage();
@@ -445,6 +445,9 @@ parse_args(int argc, char *argv[]) {
                case 'n':
                        NoFork = 1;
                        break;
+               case 'p':
+                       PermitAnyCrontab=1;
+                       break;
                }
        }
 }

diff --git a/database.c b/database.c
index f3e366ca5c246b603427629e1338e3b51061f547..5db27e95262ca14150b64538f879033172069ec5 100644 (file)
--- a/database.c
+++ b/database.c
@@ -257,22 +257,26 @@ process_crontab(const char *uname, const char *fname, const char *tabname,
                log_it(fname, getpid(), "FSTAT FAILED", tabname);
                goto next_crontab;
        }
-       if (!S_ISREG(statbuf->st_mode)) {
-               log_it(fname, getpid(), "NOT REGULAR", tabname);
-               goto next_crontab;
-       }
-       if ((statbuf->st_mode & 07733) != 0600) {
-               log_it(fname, getpid(), "BAD FILE MODE", tabname);
-               goto next_crontab;
-       }
-       if (statbuf->st_uid != ROOT_UID && (pw == NULL ||
-           statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) {
-               log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
-               goto next_crontab;
-       }
-       if (statbuf->st_nlink != 1) {
-               log_it(fname, getpid(), "BAD LINK COUNT", tabname);
-               goto next_crontab;
+
+       if ( PermitAnyCrontab == 0 )
+       {
+           if (!S_ISREG(statbuf->st_mode)) {
+                   log_it(fname, getpid(), "NOT REGULAR", tabname);
+                   goto next_crontab;
+           }
+           if ((statbuf->st_mode & 07533) != 0400) {
+                   log_it(fname, getpid(), "BAD FILE MODE", tabname);
+                   goto next_crontab;
+           }
+           if (statbuf->st_uid != ROOT_UID && (pw == NULL ||
+               statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) {
+                   log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
+                   goto next_crontab;
+           }
+           if (statbuf->st_nlink != 1) {
+                   log_it(fname, getpid(), "BAD LINK COUNT", tabname);
+                   goto next_crontab;
+           }
        }
 
        Debug(DLOAD, ("\t%s:", fname))

diff --git a/globals.h b/globals.h
index 6d442d4f93b55df616b886cc15ea9ad28e8474f5..6eb6419891e3dfdeac11de33f766e62773878d91 100644 (file)
--- a/globals.h
+++ b/globals.h
@@ -63,6 +63,7 @@ XTRN char     *ProgramName INIT("amnesia");
 XTRN int       LineNumber INIT(0);
 XTRN time_t    StartTime INIT(0);
 XTRN int       NoFork INIT(0);
+XTRN int        PermitAnyCrontab INIT(0);
 
 #if DEBUGGING
 XTRN int       DebugFlags INIT(0);