[lug] Why cron.allow and cron.deny?

Bear Giles bgiles at coyotesong.com
Mon Jan 13 09:16:12 MST 2014


Putting on a security hat, why would you want to allow ordinary users to use
it? It's nice to have the flexibility but unless you can articulate a
specific reason there's no reason to allow it.

Like everyone else I haven't actually gotten around to doing it but there's
a handful of things that won't impact us but will avoid a world of pain if
we do something stupid or are compromised. Denying cron, setting up quotas
with high limits, setting up rlimit restrictions at the top of our programs
(e.g., limiting the program to 10 files and prohibiting forks).
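
An added example, not part of the original post: one way to apply the rlimit idea above at the top of a C program, using the post's figures (10 open files, no forks). The function names are illustrative assumptions; `setrlimit`, `RLIMIT_NOFILE` and `RLIMIT_NPROC` are the standard Linux interfaces.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set soft and hard limit together: an unprivileged process cannot raise
 * a hard limit again, so the cap still holds if the program is subverted. */
static int clamp_limit(int resource, rlim_t value)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (value > rl.rlim_max) value = rl.rlim_max;  /* limits only go down */
    rl.rlim_cur = rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* The post's numbers: 10 descriptors (stdin/stdout/stderr count), no forks. */
int restrict_self(void)
{
    if (clamp_limit(RLIMIT_NOFILE, 10) != 0) return -1;
    return clamp_limit(RLIMIT_NPROC, 0);
}

/* Open /dev/null until the kernel refuses; returns how many opens worked. */
int count_extra_opens(void)
{
    int fds[64], n = 0;
    while (n < 64 && (fds[n] = open("/dev/null", O_RDONLY)) >= 0) n++;
    for (int i = 0; i < n; i++) close(fds[i]);
    return n;
}

/* Returns 1 if fork() was refused, 0 if a child was created and reaped. */
int fork_blocked(void)
{
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) _exit(0);
    waitpid(pid, NULL, 0);
    return 0;
}

int main(void)
{
    if (restrict_self() != 0) { perror("setrlimit"); return 1; }
    printf("extra opens allowed: %d\n", count_extra_opens());
    printf("fork blocked: %d\n", fork_blocked());
    return 0;
}
```

On Linux, `RLIMIT_NPROC` is not enforced for root or for processes holding `CAP_SYS_RESOURCE` or `CAP_SYS_ADMIN`, so the fork restriction only bites when the program runs as an ordinary user.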