[lug] Why cron.allow and cron.deny?

Quentin Hartman qhartman at gmail.com
Mon Jan 13 09:36:52 MST 2014


The biggest difference is that cron doesn't depend on the user's session
existing. In this case, it's more to prevent accidental abuse than
malicious intent. A good example of this is there are lots of web
frameworks that encourage people to set up cronjobs for various housekeeping
tasks. Sometimes those can be very expensive. Disabling user cron forces
them to come to you to get things set up so you have more visibility into
what's going on, and can make sure that it won't negatively impact the
system.

QH


On Mon, Jan 13, 2014 at 9:26 AM, Chris Ernst <chris at sillyward.com> wrote:

> On 01/13/2014 09:16 AM, Rob Nagler wrote:
> > I still don't get it.  What's the difference between cron and this?
> >
> > while true; do
> >     sleep 60
> >     do_something
> > done
> >
> > Or, for the more abusive:
> >
> > while true; do
> >     sleep 60
> >     ssh some-target.com do_something
> > done
>
> Not much.  But the point is that there are many different mechanisms to
> prevent many different vectors of abuse.  No one mechanism can address
> them all.
>
> cron.allow and cron.deny are just a simple mechanism to control cron
> access.  That's it.
>
>         - Chris
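
The access rule this thread is about, as an added example that is not part of the original messages: a shell function that evaluates cron.allow and cron.deny in the order Vixie-style cron implementations use (root always allowed, cron.allow wins if it exists, cron.deny is consulted only otherwise). The function name `cron_access` and the sample users are hypothetical, and the answer when neither file exists is build-dependent, so it is passed in as an assumption.

```shell
#!/bin/sh
# cron_access USER [ALLOW_FILE] [DENY_FILE] [DEFAULT]
# Prints "allow" or "deny" for USER's right to run crontab.
# DEFAULT is an assumption: what this cron build does when neither file exists.
cron_access() {
    user=$1
    allow=${2:-/etc/cron.allow}
    deny=${3:-/etc/cron.deny}
    default=${4:-allow}

    # root can always use crontab, whatever the files say.
    if [ "$user" = root ]; then
        echo allow
        return 0
    fi

    if [ -f "$allow" ]; then
        # Allow-list mode: only listed users get in; cron.deny is ignored.
        if grep -qxF -- "$user" "$allow"; then verdict=allow; else verdict=deny; fi
    elif [ -f "$deny" ]; then
        # Deny-list mode: everyone who is not listed gets in.
        if grep -qxF -- "$user" "$deny"; then verdict=deny; else verdict=allow; fi
    else
        verdict=$default
    fi
    echo "$verdict"
}

# Constructed sample: alice is on the allow-list, bob is only on the deny-list,
# carol is in neither file.
tmp=$(mktemp -d)
printf 'alice\n' > "$tmp/cron.allow"
printf 'bob\n'   > "$tmp/cron.deny"
for u in root alice bob carol; do
    printf '%-6s %s\n' "$u" "$(cron_access "$u" "$tmp/cron.allow" "$tmp/cron.deny")"
done
rm -rf "$tmp"
```

With cron.allow present, carol is denied even though she is not in cron.deny. The check only gates crontab; the sleep loop quoted above is outside its reach.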