Bug 246396 - CRON chdir(HOME) failed: (Permission denied)
Summary: CRON chdir(HOME) failed: (Permission denied)
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: vixie-cron
Version: 7
Hardware: All
OS: Linux
low
urgent
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-01 18:48 UTC by Julien Dumont
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-07-02 10:29:42 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Julien Dumont 2007-07-01 18:48:13 UTC
Description of problem:

On Fedore Releases 7, It's impossible for an user to run a job by cron when his
home directory is set to 700 ( drwx------ )
It was working on Fedora Core 6.

error reported in /var/log/cron :

Jul  1 20:16:01 XXXX crond[16131]: (CRON) chdir(HOME) failed: (Permission denied)
Jul  1 20:16:01 XXXX crond[16131]: (CRON) /home/yyyy (Permission denied)
Jul  1 20:16:01 XXXX crond[16131]: CRON (yyyy) ERROR: failed to open PAM
security session: Permission denied
Jul  1 20:16:01 XXXX crond[16131]: CRON (yyyy) ERROR: cannot set security context


Version-Release number of selected component (if applicable):

[root@gXXXX ]# rpm -q --qf "%{SOURCERPM}\n" -f /usr/sbin/crond
vixie-cron-4.1-82.fc7.src.rpm


Steps to Reproduce:
1. chmod 700 user's homedir
2. create a cron for this user ( every minutes for examples )
3. look error reported in /var/log/cron
  
Actual results:
cron job not running

Expected results:
Cron job running


Additional info:

After some search on it, I found several links about this bugs.

It seems to be introduced by the vixie-cron-4.1-_60-SELinux-contains-range.patch
according to ( http://bugs.centos.org/view.php?id=2101 )

Comment 1 Julien Dumont 2007-07-01 19:25:16 UTC
I forget to mention something, in my case, selinux is totaly disable.

[root@gXXXX ]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0


Comment 2 Marcela Mašláňová 2007-07-02 10:29:42 UTC
Thanks for suggestion, fixed in devel, I'll update F-7 soon.


Note You need to log in before you can comment on or make changes to this bug.