Anacron for non-root users?

Jeffrey F. Bloss jbloss at tampabay.rr.com
Wed Mar 7 18:33:41 UTC 2007


Adam Funk wrote:

> On 2007-03-06, Jeffrey F. Bloss wrote:
> 
> > Is there anything to prevent you from using existing anacron tools,
> > letting root "start" the job, but using 'su' to run it as a user?
> >
> > In your /etc/cron.whatever scripts it might look something like
> > this...
> 
> Actually, I was just thinking of putting a short home-made script in
> /etc/cron.daily to do something like
> 
> sudo -u adam run-parts --report /home/adam/anacron.daily
> 
> and putting in ~/anacron.daily the stuff I want to run as myself.

This should work, but be aware that there are subtle differences between
'su' and 'sudo'. Mostly environment stuff whereby sudo might break some
things su would not. They should be mostly resolvable if they're even an
issue, but I do know the "standard" way to do what you're asking about
is to use 'su' to run jobs as a user from within the safety of a
root-owned home.

The security issues are very real even in a single user environment to
my way of thinking. In essence you're allowing complete control over
processes initiated by root, and an undesirable channel of
communication back to root's space, from the same space where browsers
and other popular targets of attack reside. Conjoining two things that
some very knowledgeable people have worked long and hard to keep generally
segregated, in fact. ;)

My take-it-for-what-it's-worth suggestion would be to use anacron the
way it was designed to be used, as the user it's designed to be used
as. You are of course free to evaluate your own needs and concerns, and
come up with a completely different acceptable balance of convenience,
security, and functionality. :) Truth is, for a single user system
under the control of someone with even a modicum of knowledge and
forethought, these issues are mostly trivial as long as you're aware of
them.

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo------------------------------[ Groucho Marx ]---
                    http://wrench.homelinux.net/~jeff/
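
Added example, not part of the original message or of anacron: a sketch of the root-owned /etc/cron.daily wrapper the thread discusses, which checks the user's job directory and drops to that user with 'su' before anything in it runs. The user adam and the path come from the thread; the function names, the path character whitelist and the install-path guard are assumptions of this example.

```shell
#!/bin/sh
# Root-owned wrapper for /etc/cron.daily (added example; names are hypothetical).
JOB_USER=adam                       # user from the thread
JOB_DIR=/home/adam/anacron.daily    # directory from the thread

# Succeeds only if $1 is an absolute path made of plain characters, is a real
# directory (not a symlink), is owned by user $2, and is not writable by
# group or others.
jobs_dir_ok() {
    dir=$1 owner=$2
    [ -n "$dir" ] && [ -n "$owner" ] || return 1
    case $dir in /*) ;; *) return 1 ;; esac
    # The path is later placed in a 'su -c' command string, so refuse
    # anything a shell could interpret (spaces, quotes, $, ;, ...).
    case $dir in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    # find does not follow symlinks by default, so a symlink fails -type d.
    # -prune comes first so find never descends into the directory.
    found=$(find "$dir" -prune -type d -user "$owner" \
                 ! -perm -020 ! -perm -002 2>/dev/null)
    [ -n "$found" ]
}

# Root only validates and hands over; it never reads, sources or executes
# a file from the user's home itself.
run_user_jobs() {
    user=$1 dir=$2
    if ! jobs_dir_ok "$dir" "$user"; then
        echo "refusing to run jobs from $dir: bad path, owner, mode or type" >&2
        return 1
    fi
    # 'su -' starts a login shell, so the jobs get the user's own
    # environment rather than one inherited from root's cron run.
    su - "$user" -c "exec run-parts --report $dir"
}

# Run only when installed as a cron.daily job, so the functions can be
# loaded and checked elsewhere without side effects.
case $0 in
    /etc/cron.daily/*) run_user_jobs "$JOB_USER" "$JOB_DIR" ;;
esac
```

The wrapper itself should be owned by root and writable by root only, since run-parts executes it with root's privileges.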