Old 11-07-2014, 12:41 PM   #1
farslayer
cron job deletes files it shouldn't have rights to..


I'm not sure what I'm missing here. I created a cron job to delete files off an asterisk system to manage old files. I tried running the cron in the user context as a test to ensure it couldn't delete files it did not have rights to, but instead it was able to delete those files..

Here are the cron jobs
Code:
20 10 * * * someguy /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm -f {} \; >> /home/someguy/TEST/cronlog 2>&1
20 10 * * * someguy /usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm -f {} \; >> /home/someguy/TEST/cronlog 2>&1

Code:
someguy@debian01:~/TEST$ ls -al
total 16
drwxr-xr-x  2 someguy someguy 4096 Nov  6 10:08 .
drwxr-xr-x 28 someguy someguy 4096 Nov  6 07:53 ..
-rw-------  1 root    root       0 Nov  1 11:59 Doc16.php
-rw-r--r--  1 someguy someguy    0 Nov  1 11:59 Doc16.txt
-rw-------  1 root    root       0 Nov  2 11:59 Doc17.php
-rw-r--r--  1 someguy someguy    0 Nov  2 11:59 Doc17.txt
-rw-------  1 root    root       0 Nov  3 11:59 Doc18.php
-rw-r--r--  1 someguy someguy    0 Nov  3 11:59 Doc18.txt
-rw-------  1 root    root       0 Nov  4 11:59 Doc19.php
-rw-r--r--  1 someguy someguy    0 Nov  4 11:59 Doc19.txt
-rw-------  1 root    root       0 Nov  5 11:59 Doc20.php
-rw-r--r--  1 someguy someguy    0 Nov  5 11:59 Doc20.txt
-rw-------  1 root    root       0 Nov  6  2014 Doc21.php
-rw-r--r--  1 someguy someguy    0 Nov  6  2014 Doc21.txt

I believe the cron should be able to delete the .txt files, but should fail on the .php files that are owned by root. But surprise, the cron jobs are able to delete both the .txt and .php files.

When I view the log it sure looks like it's running as user someguy, how is it deleting files owned by root?

Code:
Nov  6 10:10:01 debian01 /USR/SBIN/CRON[22483]: (root) CMD (someguy /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm -f {} \; >/dev/null 2>&1)
Nov  6 10:10:01 debian01 /USR/SBIN/CRON[22484]: (root) CMD (someguy /usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm -f {} \; >/dev/null 2>&1)
Code:
someguy@debian01:~$ groups
someguy cdrom floppy audio dip video plugdev scanner bluetooth netdev

So what am I missing?

Thanks for your assistance.

Last edited by farslayer; 11-07-2014 at 02:13 PM.
 
Old 11-07-2014, 12:59 PM   #2
suicidaleggroll
When you're testing a command in cron, you should redirect the output to a file so you can view it. You should only switch the output to /dev/null once you're confident it's working correctly.

Also, your cron job at the top does not match what was actually run at the bottom. The mtime is different and there's an "rm -f" in the bottom set, but only "rm" in the top set. Are you sure you're looking at the right information?

And finally, your output at the bottom shows that it's being run as root:
Code:
Nov  6 10:10:01 debian01 /USR/SBIN/CRON[22483]: (root) CMD (someguy /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm -f {} \; >/dev/null 2>&1)

Whose cron is this job in?
 
1 members found this post helpful.
Old 11-07-2014, 02:06 PM   #3
rknichols
Plus, removing a file from a directory only requires write permission in the directory. The permissions on the file itself have nothing to do with it. Yes, an interactive rm command will prompt for confirmation if you try to delete a file for which you do not have write permission, but that is just a courtesy, not anything enforced by the OS.

Last edited by rknichols; 11-07-2014 at 02:08 PM.
 
2 members found this post helpful.
Old 11-07-2014, 02:13 PM   #4
farslayer
Yep, you are right, I grabbed the wrong entry from the log. Sorry for the confusion.

I initially tried running the job from the system cron using the following (which matches the log I posted above.)

Code:
root@debian01:/# crontab -e
Code:
20 10 * * * someguy /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm -f {} \; >> /home/someguy/TEST/cronlog 2>&1
20 10 * * * someguy /usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm -f {} \; >> /home/someguy/TEST/cronlog 2>&1
Code:
Nov  6 10:10:01 debian01 /USR/SBIN/CRON[22483]: (root) CMD (someguy /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm -f {} \; >/dev/null 2>&1)
Nov  6 10:10:01 debian01 /USR/SBIN/CRON[22484]: (root) CMD (someguy /usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm -f {} \; >/dev/null 2>&1)
Which didn't work, it deleted the files owned by root.

So I then tried it in cron under the someguy account.

Code:
someguy@debian01:~$ crontab -u someguy -e
Code:
06 10 * * * /usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm  {} \; >/dev/null 2>&1
06 10 * * * /usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm  {} \; >/dev/null 2>&1
which resulted in the following log
Code:
Nov  7 10:06:01 debian01 /USR/SBIN/CRON[26286]: (someguy) CMD (/usr/bin/find /home/someguy/TEST/*.txt -type f -mtime +14 -exec rm  {} \; >/dev/null 2>&1)
Nov  7 10:06:01 debian01 /USR/SBIN/CRON[26287]: (someguy) CMD (/usr/bin/find /home/someguy/TEST/*.php -type f -mtime +14 -exec rm  {} \; >/dev/null 2>&1)
Both methods resulted in the cron job deleting the .php files owned by root.
 
Old 11-07-2014, 02:17 PM   #5
farslayer
Quote:
Originally Posted by rknichols
Plus, removing a file from a directory only requires write permission in the directory. The permissions on the file itself have nothing to do with it. Yes, an interactive rm command will prompt for confirmation if you try to delete a file for which you do not have write permission, but that is just a courtesy, not anything enforced by the OS.

So what you are saying is since someguy has write permissions on the directory, he is able to delete the files owned by root in that directory.

That is the piece I was overlooking during my testing then.

Thank you.
 
Old 11-07-2014, 02:28 PM   #6
rknichols
Quote:
Originally Posted by farslayer
So what you are saying is since someguy has write permissions on the directory, he is able to delete the files owned by root in that directory.

Yes.

I should add, if you set the "sticky" bit on that directory (chmod +t), then someguy would only be able to delete the files that he owns.

Last edited by rknichols; 11-07-2014 at 02:31 PM. Reason: I should add ...
 
1 members found this post helpful.
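
An added example, not written by any poster in this thread: a Python model of the permission check behind unlink(2), applied to the directory listing from post #1, plus a real filesystem check that a mode-000 file can be removed from a writable directory. The names `Dir`, `may_unlink` and `unlink_unwritable_file` and the numeric uids are constructed for illustration; ACLs, capabilities and immutable attributes are ignored, and the sticky-bit branch follows unlink(2), which lets the file's owner or the directory's owner remove an entry.

```python
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass
class Dir:
    uid: int
    gid: int
    mode: int  # permission bits as shown by ls, e.g. 0o755


def may_unlink(uid, gids, d, file_uid):
    """Model of the unlink(2) permission check on a plain Unix system.

    Note what is absent: the file's own mode bits are never consulted.
    Assumes no ACLs, capabilities or immutable attributes; uid 0 is
    treated as fully privileged.
    """
    if uid == 0:
        return True
    if uid == d.uid:
        bits = d.mode >> 6      # owner class of the directory
    elif d.gid in gids:
        bits = d.mode >> 3      # group class
    else:
        bits = d.mode           # other class
    if bits & 0o3 != 0o3:       # need write (2) and search (1) on the directory
        return False
    if d.mode & stat.S_ISVTX:   # sticky bit: file owner or directory owner only
        return uid in (file_uid, d.uid)
    return True


def unlink_unwritable_file():
    """Real filesystem check: remove a mode-000 file from a directory we can write."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Doc16.php")
        open(path, "w").close()
        os.chmod(path, 0)
        os.unlink(path)  # succeeds: only the directory entry is modified
        return not os.path.exists(path)


# Constructed ids: someguy = 1000, another user = 1001, root = 0.
HOME_TEST = Dir(uid=1000, gid=1000, mode=0o755)   # drwxr-xr-x someguy someguy
SHARED_TMP = Dir(uid=0, gid=0, mode=0o1777)       # drwxrwxrwt root root
```
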
  

