Description of problem: On Fedore Releases 7, It's impossible for an user to run a job by cron when his home directory is set to 700 ( drwx------ ) It was working on Fedora Core 6. error reported in /var/log/cron : Jul 1 20:16:01 XXXX crond[16131]: (CRON) chdir(HOME) failed: (Permission denied) Jul 1 20:16:01 XXXX crond[16131]: (CRON) /home/yyyy (Permission denied) Jul 1 20:16:01 XXXX crond[16131]: CRON (yyyy) ERROR: failed to open PAM security session: Permission denied Jul 1 20:16:01 XXXX crond[16131]: CRON (yyyy) ERROR: cannot set security context Version-Release number of selected component (if applicable): [root@gXXXX ]# rpm -q --qf "%{SOURCERPM}\n" -f /usr/sbin/crond vixie-cron-4.1-82.fc7.src.rpm Steps to Reproduce: 1. chmod 700 user's homedir 2. create a cron for this user ( every minutes for examples ) 3. look error reported in /var/log/cron Actual results: cron job not running Expected results: Cron job running Additional info: After some search on it, I found several links about this bugs. It seems to be introduced by the vixie-cron-4.1-_60-SELinux-contains-range.patch according to ( http://bugs.centos.org/view.php?id=2101 )
I forget to mention something, in my case, selinux is totaly disable. [root@gXXXX ]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0
Thanks for suggestion, fixed in devel, I'll update F-7 soon.