FS#22085 - [dcron] "/etc/rc.d/crond restart" causes user's environment to be copied to all cronjobs

Attached to Project: Arch Linux
Opened by Mantas Mikulėnas (grawity) - Monday, 13 December 2010, 15:38 GMT
Last edited by Andrea Scarpino (BaSh) - Monday, 02 May 2011, 08:50 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Paul Mattal (paul)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Whenever I restart 'crond' using the /etc/rc.d/crond script, part of my current environment (including such things as SUDO_USER and DISPLAY) is copied to all cron jobs of all users.

Steps to reproduce:
1. sudo /etc/rc.d/crond restart
2. (crontab -l; echo "* * * * * env > ~/cronenv") | crontab -
3. sleep 60
4. cat ~/cronenv

Steps to fix:
Use this to start crond in the rc.d script:
env -i PATH="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin" crond
This task depends upon

Closed by  Andrea Scarpino (BaSh)
Monday, 02 May 2011, 08:50 GMT
Reason for closing:  Fixed
Additional comments about closing:  dcron 4.5-1
Comment by Leonid Isaev (lisaev) - Wednesday, 15 December 2010, 18:57 GMT
This is a documented behavior of sudo, isn't it? Please see "man 8 sudo" and "sudo -V" as root.
You have to be careful how to use it -- hardcoding variables into initscripts looks like a bad idea to me...
Comment by Mantas Mikulėnas (grawity) - Thursday, 16 December 2010, 05:50 GMT
This bug report is about 'dcron'. It is not related to the method of gaining root privileges - the same problem (cronjobs inheriting daemon's environment) persists whether I use 'sudo', 'su', 'ssh root@localhost', or login as 'root' on the console.

Vixie-cron, on the other hand, makes sure cronjobs run in a clean environment - and it does have a hardcoded $PATH, too.
Comment by Leonid Isaev (lisaev) - Thursday, 16 December 2010, 15:51 GMT
>This bug report is about 'dcron'. It is not related to the method of gaining root privileges - the same problem
>(cronjobs inheriting daemon's environment) persists whether I use 'sudo', 'su', 'ssh root@localhost', or login >as 'root' on the console.
Sorry, if I was unclear... When you use sudo, the calling-env setting are inherited. There is not problem, if /etc/rc.d/crond executed on boot, because the $PATH you mention is the default root's PATH, right? I mean, cron runs as root, with root's env. Otherwise, run it as a user cron...

>Vixie-cron, on the other hand, makes sure cronjobs run in a clean environment - and it does have a hardcoded >$PATH, too.
Hmm, I have a rhel5 with vixie-cron here and /etc/init.d/crond looks just as my /etc/rc.d/crond. Can you, please, explain what you mean? Besides, can't you change PATH in a crontab directly?

Loading...