From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [es-ES] Description of problem: When i reboot the machine the cron daemnon don't executed the files in /etc/cron.d/* The error is in /var/log/cron: --------------------------- Dec 17 09:18:29 luquitas crond[2478]: (CRON) STARTUP (V5.0) Dec 17 09:18:29 luquitas crond[2478]: (*system*) BAD FILE MODE (/etc/ cron.d/mrtg) Dec 17 09:18:31 luquitas anacron[2507]: Anacron 2.3 started on 2004- 12-17 Dec 17 09:18:31 luquitas anacron[2507]: Normal exit (0 jobs run) Dec 17 09:20:01 luquitas crond[3033]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:30:01 luquitas crond[3117]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:40:01 luquitas crond[3195]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:40:28 luquitas crond[3215]: (CRON) STARTUP (V5.0) Dec 17 09:40:28 luquitas crond[3215]: (*system*) BAD FILE MODE (/etc/ cron.d/sysstat) Dec 17 09:40:28 luquitas crond[3215]: (*system*) BAD FILE MODE (/etc/ cron.d/mrtg) --------------------------- But before reboot the crontab entry works fine: --------------------------- Dec 17 09:01:01 luquitas crond[4188]: (root) CMD (run-parts /etc/ cron.hourly) Dec 17 09:05:01 luquitas crond[4205]: (root) CMD (/usr/bin/mrtg /etc/ mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file / var/lib/mrtg/mrtg.ok) Dec 17 09:10:01 luquitas crond[4233]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:10:01 luquitas crond[4234]: (root) CMD (/usr/bin/mrtg /etc/ mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file / var/lib/mrtg/mrtg.ok) Dec 17 09:15:01 luquitas crond[4304]: (root) CMD (/usr/bin/mrtg /etc/ mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file / var/lib/mrtg/mrtg.ok) ************* shutdown -r now ******************** Dec 17 09:18:29 luquitas crond[2478]: (CRON) STARTUP (V5.0) Dec 17 09:18:29 luquitas crond[2478]: (*system*) BAD FILE MODE (/etc/ cron.d/mrtg) Dec 17 09:18:31 luquitas anacron[2507]: Anacron 2.3 started on 2004- 12-17 Dec 17 09:18:31 luquitas anacron[2507]: Normal exit (0 jobs run) Dec 17 09:20:01 luquitas crond[3033]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:30:01 luquitas crond[3117]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:40:01 luquitas crond[3195]: (root) CMD (/usr/lib/sa/sa1 1 1) Dec 17 09:40:28 luquitas crond[3215]: (CRON) STARTUP (V5.0) Dec 17 09:40:28 luquitas crond[3215]: (*system*) BAD FILE MODE (/etc/ cron.d/sysstat) Dec 17 09:40:28 luquitas crond[3215]: (*system*) BAD FILE MODE (/etc/ cron.d/mrtg) --------------------------- Version-Release number of selected component (if applicable): (CRON) STARTUP (V5.0) How reproducible: Always Steps to Reproduce: 1. the machine is up 2. chmod 755 /etc/cron.d/mrtg 3. "works fine many times" 4. shutdown -r now 5. "After reboot don't work" 6. chmod 755 /etc/cron.d/sysstat 7. sysstat entry don't work also Actual Results: Nothing Additional info: The SELinux it's work in WARM mode
By default, ISC cron 4.1 enforces that all crontab files MUST have mode 0600, and cannot be links - otherwise, they are ignored. This was a security feature to close known vulnerabilities in cron. We relaxed this somewhat to allow group/other read access - group/other write access or any execute access is still not allowed. So to fix this, do : # chmod a-x,og-w /etc/cron.d/* /var/spool/cron/* In vixie-cron-4.1-21 for FC3, I'm going to add the '-m <mode>' option, where '<mode>' is a 'umask'-like mask of crontab file mode bits NOT TO ACCEPT - by default, this is now 07133 - ie. any of setuid/setgid/sticky, ugo-execute, or group/other write. With the '-m' option, you'll be able to disable all mode checking with '-m 0', which will also disable link checking .
This bug has been fixed with vixie-cron-4.1-20_FC3 (and now also with vixie-cron-4.1-21_FC3) . 1. crond will now accept read-only crontab files by default 2. crond now has a '-p' option to turn off the default rejection of crontabs that have any of: - Write permission for group / other - any execute permission - more than one link