LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 04-19-2005, 10:00 AM   #1
metobln
LQ Newbie
 
Registered: Apr 2005
Location: Berlin, Germany
Distribution: Debian 2.6.10
Posts: 6

Rep: Reputation: 0
cron for chrooted users


Is this possible?

I got a chrooted environment for my users.

I copied crontab and all necessary libs to that environment and when running crontab everything looks fine. root runs a cronjob every minute and copies all new crontab-files into the real spool. But the cronjobs just don't run. Is there anything I'm missing?

Here is some more detailed information of the environment.

Code:
|-home
|     \-{user}
|            |-home
|            |     \-{user}
|            |-var
|            |    \-spool
|            |-bin      \-cron
|            |-etc           \-crontabs
|            \-lib                     \-{user}
|-var 
|    \-spool
|           \-cron
|-var             \-crontabs
|-bin                       \-{user}
|-etc
\-lib
Red is the chrooted environment

If a chrooted user now edits his crontab, the crontab-file will be written to /home/{user}/var/spool/cron/crontabs/{user}

Since this is not the right path cron will be looking for, I set up a cronjob for root that runs every single minute. The script that is called checks (diff with a backup) if the crontab-files contain any updates. If so, all commands inside the crontab will be chrooted too and the modified file will be written to the right place: /var/spool/cron/crontabs/{user}

An example what is inside a generated crontabfile:
Quote:
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (crontab.test installed on Tue Apr 19 13:30:12 2005)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
* * * * * chroot /home/testuser echo "test" > /home/testuser/testfile
Yes, I see that warning about not editing these files. But there is no other way since crontab won't write to the correct path when called from inside the chrooted environment.

Until here everything is fine. But as I mentioned above the jobs inside the generated crontab-files won't be executed.

I restarted the crond, but that did not help. Is there anything I can do to make cronjobs accessible by my chrooted users?

I'm very thankful for every hint you can give me.

Regards,
Daniel

Last edited by metobln; 04-19-2005 at 10:04 AM.
 
Old 04-20-2005, 05:14 AM   #2
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
I'm not a cron expert, but would it be easier, or even possible, to make a new (root) cron job that checks for jobs in the chrooted environment and then executes them chrooted from there when needed? This seems easier than setting up a seperate cron in the chrooted environment, you just check for cron jobs in the user's home directories and run them chrooted. I'm not sure how well that would work, but it seems easier than copying everything out of the environment and then trying to run it.

Last edited by Darin; 04-20-2005 at 05:16 AM.
 
Old 04-20-2005, 12:06 PM   #3
metobln
LQ Newbie
 
Registered: Apr 2005
Location: Berlin, Germany
Distribution: Debian 2.6.10
Posts: 6

Original Poster
Rep: Reputation: 0
Hi Darin,

thanks for your reply. I don't think it's the best solutions to run the users cronjobs as root. Even if there was no security risk by running the jobs in chroot all generated files would be owned by root.

I did not see the real problem yesterday. Actually the jobs have been executed after restarting the crond. I should have checked the mail of the testuser earlier. For some reason the command chroot was not accessible by the user.
Quote:
/bin/sh: chroot: Permission denied
But I solved the problem now. I didn't know about the possibility of setting the shell inside the crontab with the variable SHELL.

So what I am doing now is setting the user's shell to "/usr/local/bin/jail", which is the same shell they are using when login. This jail is the original shell developed by Juan M. Casillas, published in the Jail Chroot Project (http://sourceforge.net/projects/jail).

Everything is working fine now. The only thing I don't like is the fact that I have to restart the crond. Would be great if there was another way to make cron accept the modified crontab-files.

Regards,
Daniel
 
Old 04-22-2005, 03:31 AM   #4
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
I may have made that sound overly confusing, what I meant was can you make a root cron job that checks for jobs in the user directories and then runs them as the user and in the jail space?
 
Old 04-24-2005, 05:39 AM   #5
metobln
LQ Newbie
 
Registered: Apr 2005
Location: Berlin, Germany
Distribution: Debian 2.6.10
Posts: 6

Original Poster
Rep: Reputation: 0
I'm a newbie to the linux world, but I guess that should be possible too.

But I'm happy that my basic system is running now.

If I notice any site-effects, i.e. cronjobs will not be executed because of restarting crond, I will investigate that possibility. But I kinda like the way it is working now. Except that restarting of crond...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shell script using /etc/cron.hourly to execute cron.php file? rioguia Programming 3 06-11-2008 08:09 AM
chrooted users changing their passwords btmiller Linux - Security 2 07-16-2005 01:08 PM
VSFTP Virtual Users chrooted to NTFS Help please murdocthecrackmongre Linux - Software 2 07-05-2005 06:43 PM
Jailed(chrooted) users and ftp linux_terror Linux - Security 4 08-29-2004 06:56 PM
ProFTPD for chrooted users (/home/hosting/user) ? Niels@debian Linux - Software 5 08-12-2004 07:38 PM


All times are GMT -5. The time now is 06:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration