At 2:10 AM +0800 8/11/04, Xin LI wrote: > >On Tue, Aug 10, 2004 at 10:02:09AM -0700, Doug Barton wrote: >> > > Can you elaborate on your thinking? > >I'm not sure if this is a sort of abusing systemwide crontabs, but >the administrators at my company have used them to run some tasks >periodicly under other identities (to limit these tasks' privilege), >and it provided a somewhat "centralized" management so they would >prefer to use systemwide crontab rather than per-user ones. You could get about the same effect by having them all under root's crontab, and then having the entry 'su' to the appropriate userid before running. So it is centralized in one crontab (root's), but it is protected from prying eyes. >What do you think about the benefit for users being able to see >the system crontab? I think knowing what would be executed under >others' identity is (at least) not always a good thing, especially >the users we generally don't fully trust... For generic system tasks, it can be useful to know when they run. Maybe this means more to me because I'm actually awake at all odd hours of the morning, so I notice the effects of some of those runs. My runs of 'cvsup_mirror', for instance. Basically, I use the system crontab for events where I think it is safe for every user to know when the events occur, and use other crontabs for the things I want to keep private. Just a personal preference thing, obviously. -- Garance Alistair Drosehn = [email protected] Senior Systems Programmer or [email protected] Rensselaer Polytechnic Institute or [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"