-   Fedora (
-   -   SUID problem running cron jobs? (

mitchloft 03-23-2005 01:48 PM

SUID problem running cron jobs?
I'm running FC3_64 with a SCSI RAID 5, 1GB ram, and seem to be having a problem getting a program to execute when running as a cron job. I'm using filePro Plus - which sets the user ID to "filepro" when it runs to maintain ownership and control of all it's database files.

I have a couple of "report" programs I need to run every few minutes to check for incoming EDI files, and process them if present. If I put the commands for these programs in a shell script and call the script from the command line - all is well, it runs fine. BUT! If I put that same script on a cron timer, it runs fine EXCEPT for the database program functions that must run with suid set. I've tried every which way I can think of, and the SUID is the only thing that makes any sense as far as causing the failure. I did NOT activate SELinux at install, and the services program sez it ain't running. This worked fine under RH9, but I think maybe the fine folks working on the Fedora project just went ahead and tightened security up to the point of making the system unusable. I've tried to find an option to crond that might defeat this, but the doc is, well, pretty much non-existant.

Anybody got any ideas on this? Thanks.

WhatsHisName 03-23-2005 02:53 PM

mitchloft: This may have nothing to do with your problem, but are you calling the cron jobs from crontab or from the redhat-style cron.hourly, cron.daily, etc.? I had so much trouble trying to use cron.daily, that I call everything from crontab now. Using cron.daily, the jobs would only run properly about 10% of the time and I could never understand why.

I call the jobs from crontab using the root modifier, but I thought that was only used to direct the terminal messages to the root mail.

Typical /etc/crontab entry:
05 01 * * * root sh /root/whatever...

mitchloft 03-23-2005 03:38 PM

I'm using plain old cron. and running them as root's cron job, so I'm EXPECTING not to have any problems with permissions. I've pretty much tried setting permissions on all the affected files every-which-way -but -loose (and even loose...) and that doesn't seem to matter. Everything seems to run, all the debug messages I've stuck in there append to the files I've set up, it all seems to be fine EXCEPT the database program that needs to run SUID. I might try that root business inside the cron job though. I haven't needed to do that before, but what the heck - it's worth a try.


mitchloft 03-23-2005 03:54 PM

Nope - no help. I just get an error back saying that 'root is not a recognized command' and nothing heppens at all.
Thanks anyway...

mitchloft 03-24-2005 01:30 PM

For anyone interested:

I -think- I have it working now. I did a couple of things and I'm not sure which one(s) might have been effective.

I found that an "internal" config file for filepro did not have a TERM set. I found an error message complaining about not finding a valid TERM in the config file. The message didn't say the process failed because of it, and a background process doesn't have much need of a TERM, but I put it equal to "linux" anyway.

I also edited the /etc/sudoers file to include entrys:


just in case that's was causing the SUID failure.

I'm still not 100% confident this is fully functional, and I'm a little suspicious of the pam configuration stuff, but I'm hoping for the best....

All times are GMT -5. The time now is 12:39 AM.