Colin Dean [Mon, 4 Oct 2010 14:29:12 +0000 (16:29 +0200)]
cronie on cluster
One issue we have is that although we've made our services very
resilient, by employing HA failover, load balancing and round robin DNS,
the one service that's difficult to do anything with is cron, because it
has traditionally been tied to a single machine.
For instance, we have a cluster of 4 Fedora servers which our end users
use as timeshare systems, using round robin DNS, and if one of the
servers is down it doesn't really matter too much. We don't even back up
the servers, relying on NFS home directories and rebuilding from scratch
using kickstart + cfengine if a server fails and can't be restarted.
However, the users have scattered crontab files around the 4 servers, so
that if the particular server a cron job is meant to run on dies, the
job doesn't run any more, and the crontab file may be permanently lost.
What we needed was a facility to allow crontabs in /var/spool/cron on
these 4 servers to be NFS mounted from a single directory on our NetApp
filers (so giving us backups and snapshots), with any user able to run
"crontab -e" from any of the servers to manage a single shared crontab,
and for us in the IT Service to be able to set just one of the 4 servers
to run user crontab jobs at any time. However, we needed to keep
/etc/crontab and the files in /etc/cron.d/ specific to each individual
server still, and keep crond running on all 4 servers.
If sendmail isn't installed, syslog is used. This patch should
also solve the problem with RPM requirements of sendmail
(and which mail should be installed by default).
Based on: https://bugzilla.redhat.com/show_bug.cgi?id=472710#c42
Michal Seben [Wed, 14 Apr 2010 12:01:42 +0000 (14:01 +0200)]
Option "-" doesn't log jobs as root
If the uid of the owner is 0 (root), he can put a "-" as first
character of a crontab entry. This will prevent cron from writing
a syslog message about this command getting executed.
Michal Seben [Wed, 14 Apr 2010 11:26:48 +0000 (13:26 +0200)]
Correctly reported PAM errors
cron_conv could be helpful for debug purposes, when something bad happens
with pam, e.g. an expired user password. Without cron_conv cronie doesn't
report useful info in syslog messages (it just writes a "no conversation
function" error to the messages file). If you want to do a quick test of the pam
conversation function, you could set PASS_MAX_DAYS and PASS_WARN_AGE in
/etc/login.defs, add a new user and for this user create a cron rule (crontab -e).
When run as "crontab -e", crontab creates a temporary file in /tmp, copies the
contents of an existing crontab to this file, and then calls utime() on the
temporary file name to set its mtime and atime to 0, in order to check after
editing whether or not the file has been modified.
Since the file is created with the user's euid, and because utime is called on
the file as root, an attacker can replace the temporary file after it is
created with a symlink to any file or folder on disk, which will then have its
atime and mtime set to 0. This is certainly not a critical issue, but this
action can be used to deny service in many scenarios. For example, the cron
daemon checks the mtime of the crontab spool folder and its contents to
determine whether or not it needs to update its database of cronjobs, and if
these times are reset to 0, no new cronjobs will be added. Other daemons
relying on accurate timestamps may be similarly affected. Finally, build tools
such as make could be tricked into not re-compiling source, based on an old
timestamp.
Thanks to: Dan Rosenberg
There is a need to add -laudit into gcc options because now it's not
found automatically. Based on:
http://fedoraproject.org/wiki/Features/ChangeInImplicitDSOLinking
SATOH Fumiyasu [Tue, 3 Nov 2009 09:41:44 +0000 (10:41 +0100)]
Security: Ignore $TMPDIR if ruid!=euid and/or rgid!=egid
A setuid/setgid process with GNU C library does NOT inherit $TMPDIR
from the parent process for security reasons, but this behavior is
NOT a standard feature.
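The crontab -e temp-file message and the $TMPDIR message above describe the same class of problem: a setuid program acting on a path chosen or replaceable by an unprivileged user. The following is an added example, not cronie's code, showing the defensive pattern in C; choose_tmpdir, create_edit_copy and timestamps_are_zero are hypothetical helpers, and using mkstemp plus futimens on the open descriptor is my own assumption about one way to close the race, not a description of cronie's actual fix.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* for mkstemp() and futimens() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Honour $TMPDIR only when real and effective ids match (the rule in the
 * commit above); ids are parameters (hypothetical helper) so the rule can
 * be exercised with constructed values instead of the process's own. */
const char *choose_tmpdir(const char *env_tmpdir, uid_t ruid, uid_t euid,
                          gid_t rgid, gid_t egid)
{
    if (ruid == euid && rgid == egid && env_tmpdir && *env_tmpdir)
        return env_tmpdir;
    return "/tmp";
}

/* Create the edit copy with mkstemp() (O_EXCL, so a pre-placed symlink is
 * never followed) and zero atime/mtime via futimens() on the descriptor:
 * unlike utime() on the path name, this can only touch the inode we made. */
int create_edit_copy(const char *dir, char *path, size_t pathlen)
{
    struct timespec zero[2] = { {0, 0}, {0, 0} };
    int fd;

    if (snprintf(path, pathlen, "%s/crontab.XXXXXX", dir) >= (int)pathlen)
        return -1;
    fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (futimens(fd, zero) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Returns 1 when both timestamps on the open fd are epoch 0, i.e. the
 * "unmodified" marker that crontab -e compares against is in place. */
int timestamps_are_zero(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && st.st_atime == 0 && st.st_mtime == 0;
}
```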
New option: enable-anacron in configure which can set compilation
with or without anacron part. Also there were changes in manual pages.
Updated ChangeLog.
Minor debian release anacron-2.3.1 which adds these features:
- anacron runs jobs twice in a 31 day month
- add hostname to emails sent to admin
- allow user anacrontabs
and some debian scripts for apm support.
Initial upload of anacron-2.3 which should be optimized for better
cooperation with cronie. However, cronie should be working with or
without anacron, which should be configurable.
Option -i for disabling inotify support.
This option was based on an email by a user who couldn't set up the daemon
when /var/spool/cron was mounted from NFS for a number
of identical machines. Inotify passes the test because it finds
the directory, but doesn't notice changes.
http://linux-nfs.org/pipermail/nfsv4/2007-November/007127.html
Thanks to: Alex Bame
MAILFROM, if set, will be used as the envelope sender address when cron
mails the output of commands in that crontab.
The initial patch was written by: Heath Caldwell
Inotify initialization left open file descriptors which are leaking
and annoying SElinux.
This could be once fixed by inotify_init1, but that's supported from
kernel 2.6.27.
I have noticed that with cronie-1.2, my binaries have seen their
size grow by 10x (from 28kB to 290kB). After searching a bit, I found that what was responsible was the INIT() macro in globals.h,
which initializes the huge strings MailCmd and cron_default_mail_charset, both of which are 128 kB. Due to this initialization, the memory
areas are stored for real in the binary, resulting in larger sizes.
Cronie could be built as a Position Independent Executable when
configure is executed with --enable-pie.
Erased commented unused stuff from configure.