[OpenAFS] Cron jobs without service keytab
Derek Atkins
warlord@MIT.EDU
Sat, 10 Apr 2004 17:44:27 -0400
Russ Allbery <rra@stanford.edu> writes:
> Lukas Kubin <kubin@opf.slu.cz> writes:
>
>> The problem is the standard cron doesn't keep users' jobs inside that
>> PAG. It uses some PAM methods instead and runs the users' processes so
>> they don't receive the servers' privileges.
>
> So what you're saying is that crond destroys the PAG that you're running
> it in when it switches users to run an individual user's job? Hm. I
> thought that PAGs survived across setuid(), but maybe I'm wrong.
No, PAGs definitely survive a setuid(). I can run su(1) and the
root shell will have my PAG and my tokens.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available