Bug 128843 - root cron jobs exit immediately
root cron jobs exit immediately
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: vixie-cron (Show other bugs)
rawhide
i586 Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brock Organ
:
: 128915 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-30 10:02 EDT by G.Wolfe Woodbury
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version: FC5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-02 09:39:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description G.Wolfe Woodbury 2004-07-30 10:02:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
root cron logs "Critical error - immediate termination" with no other
indication of what the error is.

Version-Release number of selected component (if applicable):
vixie-cron-4.1-2

How reproducible:
Always

Steps to Reproduce:
1. clean install of rawhide 2004-07-29
2. examine /var/log/messages
3.
    

Actual Results:  /var/log/messages abstract (2 of about 100 entries)

Jul 30 09:01:01 tembo crond(pam_unix)[19124]: session opened for user
root by (uid=0)
Jul 30 09:01:01 tembo crond[19124]: Critical error - immediate abort


Expected Results:  just a "session opened" notification

Additional info:

no indication in /var/log/cron of what the error is.

This may be an SeLinux policy error, but there are no avc's that I can
find.
Comment 1 Jason Vas Dias 2004-07-30 12:24:23 EDT
Yes, it looks like an SELinux issue to me .
It seems the 'pam_setcred' call is failing.
Am investigating and will resolve as top priority.
Comment 2 Jason Vas Dias 2004-07-30 15:14:38 EDT
It was a PAM issue.
You need to add the line:
auth sufficient pam_rootok.so
to the beginning of /etc/pam.d/crond .
This is now in vixie-cron-4.1-6 .
It's also best to install latest 
pam-0.77-53 .
Comment 3 Jason Vas Dias 2004-08-01 14:40:58 EDT
*** Bug 128915 has been marked as a duplicate of this bug. ***
Comment 4 Doncho N. Gunchev 2004-08-06 14:49:41 EDT
I have similar problem with FC3t1 - when I add new job 
to /etc/cron.d/myfile it never gets executed. If I add the same line 
to /etc/crontab it works fine. (vixie-cron-4.1-7) 
Comment 5 Thomas Zehetbauer 2004-08-06 14:57:18 EDT
Do you have /etc/cron.allow and/or /etc/cron.deny files?
Comment 6 Jason Vas Dias 2004-08-06 16:22:52 EDT
Having /etc/cron.allow and/or /etc/cron.deny files makes no
difference to this bug - if neither exist, only root can
edit crontabs. 

Without the 'auth sufficient pam_rootok.so' line in /etc/pam.d/crond,
no commands are executed at all, regardless of cron.allow/cron.deny.

Ensure that the /etc/cron.d/myfile you created is owned by root and
has mode 0600 - otherwise vixie-cron-4.1 will ignore it - this is
default ISC cron 4.1 behavior.
Comment 7 Doncho N. Gunchev 2004-08-08 20:46:38 EDT
    This one works: 
echo '* * * * * root /usr/bin/logger "testing crond here every 
minute"' > /etc/cron.d/myfile; chmod 600 /etc/cron.d/myfile; service 
crond restart; tail -f /var/log/messages 
    This one does not: 
echo '* * * * * root /usr/bin/logger "testing crond here every minute 
1"' > /etc/cron.d/vsftpd; chmod 600 /etc/cron.d/vsftpd; service crond 
restart; tail -f /var/log/messages 
    I have no /etc/cron.allow nor /etc/cron.deny, SELinux disabled, 
kernel 2.6.7-1.503, pam-0.77-54, 2 x XEON at 2GHz, 2GB RAM. Things 
always do work from /etc/crontab (for root and ordinary users) 
and /etc/cron.d/myfile, but never from /etc/cron.d/vsftpd. I'll check 
further... 
Comment 8 Jason Vas Dias 2004-08-09 16:40:52 EDT
 I ran the exact command you gave, and it worked fine:
  echo '* * * * * root /usr/bin/logger "testing crond here every minute 
1"' > /etc/cron.d/vsftpd; chmod 600 /etc/cron.d/vsftpd; service crond 
restart; tail -f /var/log/messages
 
 I then saw  "testing crond here every minute 1" in the  log.
 
 This was with vixie-cron-4.1-7.
 The only thing I can think of that could cause it to 
 fail is if /etc/cron.d/vsftpd is a link - links are not
 allowed by ISC cron 4.1 as a security measure.



Comment 9 Doncho N. Gunchev 2004-08-13 09:33:04 EDT
It was a hardlink. It seems that crond now does not like symlinks,
hardlinks and files owned/writable by someone else except root.

Note You need to log in before you can comment on or make changes to this bug.