Bug 85791

Summary: Unable to look at "at" jobs without being root
Product: [Retired] Red Hat Linux Reporter: Stephen Rasku <redhat>
Component: atAssignee: Jason Vas Dias <jvdias>
Status: CLOSED CURRENTRELEASE QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-03 19:36:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Stephen Rasku 2003-03-07 20:20:55 UTC
Description of problem:

If you enter an at job from the command line, you will not be able to look at
what the job does without becoming root.  You can use atq to determine when a
job will execute but not what it will do.  Even if you know the name of the file
in  /var/spool/at (which isn't displayed by atq), you still can't view it
because of the permissions.

Version-Release number of selected component (if applicable):

How reproducible:


Expected results:

atq should display the name of a file that is viewable by the user or there
should be an "atcat" command which will display the contents of the file when
given the specified at job number.

Additional info:

In Solaris 7, atq displays:

 Rank     Execution Date     Owner     Job         Queue   Job Name
  1st   Mar  8, 2003 06:11   stephen 1047132712.a     a     stdin
  2nd   Mar  8, 2003 07:10   stephen 1047136255.a     a     stdin
  3rd   Mar  9, 2003 06:11   stephen 1047219109.a     a     stdin
  4th   Mar  9, 2003 07:10   stephen 1047222647.a     a     stdin
  5th   Mar 10, 2003 06:11   stephen 1047305511.a     a     stdin
  6th   Mar 10, 2003 06:12   stephen 1047305530.a     a     stdin
  7th   Mar 10, 2003 07:10   stephen 1047309049.a     a     stdin
  8th   Mar 10, 2003 07:11   stephen 1047309060.a     a     stdin
  9th   Mar 11, 2003 06:11   stephen 1047391918.a     a     stdin
 10th   Mar 11, 2003 07:11   stephen 1047395474.a     a     stdin
 11th   Mar 12, 2003 06:11   stephen 1047478312.a     a     stdin
 12th   Mar 12, 2003 07:10   stephen 1047481855.a     a     stdin
 13th   Mar 13, 2003 06:11   stephen 1047564709.a     a     stdin
 14th   Mar 13, 2003 07:10   stephen 1047568247.a     a     stdin
 15th   Mar 14, 2003 06:11   stephen 1047651111.a     a     stdin
 16th   Mar 14, 2003 07:10   stephen 1047654649.a     a     stdin

I can then do:

    cat /var/spool/cron/atjobs/1047654649.a

to display the contents of the job.

Comment 1 Jens Petersen 2003-03-19 06:44:06 UTC
I'm not sure what the full implications of lightening the
permissions on /var/spool/at/ would be (say to 701), but
perhaps "atcat" would be more useful anyway?

"atcat" would also mean users wouldn't have to see the actual
job filenames themselves making the "interface" more opaque.

Comment 2 Jason Vas Dias 2005-06-03 19:36:39 UTC
Just clearing out old bugs here.
This problem does appear to be fixed with latest versions of at 
in all releases . atq lets you see all the jobs in your queue -
only root may look at jobs in other queues. at -c <job id> does 
output the job contents correctly to non-root users.