[lug] Why cron.allow and cron.deny?

Bear Giles bgiles at coyotesong.com
Mon Jan 13 11:47:27 MST 2014


That's why it's important to find out why they have the cert. I have some
but they're mostly for a combination of HR and for me to ensure that I
don't mistake a leg of the elephant for the whole thing.

Ironically I think it's the ones who make the most of the certs that you
have the most to worry about. :-)



On Mon, Jan 13, 2014 at 10:55 AM, Rob Nagler <nagler at bivio.biz> wrote:

> Thanks.  I understand the sentiment.
>
> Unfortunately, features like this can be perceived as providing
> security so they get used in contexts which cause more problems than
> they solve.
>
> I'm sure the RHEL certification course tells certifiables to have a
> cron.allow, and only put root in it.  Then people create cron jobs as
> root, because they think it would be a security hole to create a job
> as, say, apache or postgres.
>
> Rob
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20140113/b39cf63f/attachment.html>


More information about the LUG mailing list