[OpenAFS] Cron jobs without service keytab

Derek Atkins warlord@MIT.EDU
Sat, 10 Apr 2004 17:44:27 -0400

Russ Allbery <rra@stanford.edu> writes:

> Lukas Kubin <kubin@opf.slu.cz> writes:
>> The problem is the standard cron doesn't keep users' jobs inside that
>> PAG. It uses some PAM methods instead and runs the users' processes so
>> they don't receive the servers' privileges.
> So what you're saying is that crond destroys the PAG that you're running
> it in when it switches users to run an individual user's job?  Hm.  I
> thought that PAGs survived across setuid(), but maybe I'm wrong.

No, PAGs definitely survive a setuid().  I can run su(1) and the
root shell will have my PAG and my tokens.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available