A ps to the perms msg

Colin Law clanlaw at googlemail.com
Thu Jul 12 21:02:15 UTC 2012 

On 12 July 2012 21:46, PleegWat <pleegwat at telfort.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/12/2012 10:10 PM, Colin Law wrote:
>> On 12 July 2012 18:14, Gene Heskett <gheskett at wdtv.com> wrote:
>>> On Thursday 12 July 2012 13:07:22 Colin Law did opine:
>>>
>>>> On 12 July 2012 15:40, Gene Heskett <gheskett at wdtv.com> wrote:
>>>>> Greets all;
>>>>>
>>>>> I just changed /var/spool/cron/crontabs/gene so its owned by
>>>>> me again, but I am still being denied crontab -e permissions.
>>>>> Probably because /var/spool/cron/crontabs is also owned by
>>>>> root:root.  But since that directory contains ALL the
>>>>> crontabs, I can't just willy nilly change that to, so I am
>>>>> reduced to scratching my thinning hair and muttering WTF?
>>>>
>>>> On mine, /var/spool/cron/crontabs/<user> is owned by <user> but
>>>> group crontab.  Try crontab for the group if you have not
>>>> already done that. the crontabs folder is owned by
>>>> root:crontab.
>>>
>>> Thank you, now I can edit it.  But looking in that directory, is
>>> not root supposed to have a system stuff file there, something to
>>> run logrotate for example?  Mine seems like it is the only one
>>> there. ??
>>
>> There is nothing in mine except the ordinary users.  I don't know
>> how it does logrotate and so on.
>>
>
> This is done by anacron instead. Anacron has the ability to 'catch up'
> on tasks that were scheduled while your PC was offline, which is
> especially useful on  desktop machines.
>
>>>
>>> Also, I am not a member of the crontab group in /etc/group.  That
>>> also seems strange since I am the only meat & bones composed
>>> user, with sudo rights on the machine.  Stranger and stranger
>>> this rootless ubuntu is becoming.
>>
>> I am not a member of crontab either, so again I don't know how it
>> works.  No doubt someone more knowledgeable will elucidate
>> ........
>>
>
> It works here, and I'm also not in the crontab group. The magic is
> that /usr/bin/crontab is owned by root:crontab and has the setgid bit
> set. That means that, when you are using that binary, that binary can
> use the permissions of the crontab group even though you are not
> ordinarily a member of it.
>
> /var/spool/cron/crontab also has some interesting permissions: It has
> group write but not group read. That means that, even as the crontab
> group, you cannot list the files in that directory, but you can create
> files. It also has the sticky bit set, which means that you can only
> delete files in that directory if you own them (rather than being able
> to delete any file in that directory).

Excellent, all is now explained (except how the OP's permissions got
messed up in the first place).  Many thanks for the explanation.

Colin

>
> PleegWat
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJP/zeYAAoJEAM6sLJjDJaMVZUH+wRmcCD2Y2PYVJl3mK7gtL2Z
> yA31nkPtF/mgk3/B3fLcMDrCGwICKFlYBfxSJNu85veNEd9YBfeMoOGgygllWVVg
> EyhvO6xmHUovTK8FinI90/pCI3jO+Evk2ZBFxJ3NPDLrtMjG2JSGVv0i5h7RbNff
> CGfXFE1Ieq7XdmuIxJMIENcf4mkGGvGKsBYJ4DFLjt2scyiWV3TBePUIOtxaf/26
> jh7RlW1wi+cq8LdNnjIKuvxwEBcrw+6xstoYWfhSCbAW52d5vyz3bW+kyvsm5RZa
> 3zl1atDMjkS68R1ZhtMLUr3eWQEfF8ej7YHqRPXyRPZ+r7YVWws9K4ZWmEv8RxM=
> =sU9W
> -----END PGP SIGNATURE-----
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

More information about the ubuntu-users mailing list