From: Michal Seben <mseben@suse.cz>
Date: Wed, 14 Apr 2010 12:01:42 +0000 (+0200)
Subject: Option "-" don't log jobs as root
X-Git-Tag: cronie1.4.5~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ef2c9c82115c2f640db4ce36c0e6341b26bba0e0;p=cronie

Option "-" don't log jobs as root

If the uid of the owner is 0 (root), he can put a "-" as first
character of a crontab entry. This will prevent cron from writing
a syslog message about this command getting executed.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
---

diff --git a/man/crontab.5 b/man/crontab.5
index 43edf08..7a94b3f 100644
--- a/man/crontab.5
+++ b/man/crontab.5
@@ -263,6 +263,10 @@ Names of months or days of the week can be specified by name.
 Environment variables can be set in the crontab.  In BSD or ATT, the
 environment handed to child processes is basically the one from /etc/rc.
 .PP
+If the uid of the owner is 0 (root), he can put a "-" as first character of
+a crontab entry. This will prevent cron from writing a syslog message about
+this command getting executed.
+.PP
 Command output is mailed to the crontab owner (BSD can't do this), can be
 mailed to a person other than the crontab owner (SysV can't do this), or the
 feature can be turned off and no mail will be sent at all (SysV can't do this
diff --git a/src/entry.c b/src/entry.c
index 97cafc8..28b44d8 100644
--- a/src/entry.c
+++ b/src/entry.c
@@ -99,6 +99,26 @@ entry *load_entry(FILE * file, void (*error_func) (), struct passwd *pw,
 
 	e = (entry *) calloc(sizeof (entry), sizeof (char));
 
+	/* check for '-' as a first character, this option will disable 
+	* writing a syslog message about command getting executed
+	*/
+	if (ch == '-') {
+	/* if we are editing system crontab or user uid is 0 (root) 
+	* we are allowed to disable logging 
+	*/
+		if (pw == NULL || pw->pw_uid == 0)
+			e->flags |= DONT_LOG;
+		else {
+			log_it("CRON", getpid(), "error", "You could disable logging to syslog (using '-' option)" \
+				"only in system crontabs or crontabs assigned to user with uid 0 (root)", 0);
+			ecode = e_option;
+			goto eof;
+		}
+		ch = get_char(file);
+		if (ch == EOF)
+			return NULL;
+	}
+
 	if (ch == '@') {
 		/* all of these should be flagged and load-limited; i.e.,
 		 * instead of @hourly meaning "0 * * * *" it should mean