Red Hat Bugzilla – Bug 85791
Unable to look at "at" jobs without being root
Last modified: 2007-04-18 12:51:54 EDT
Description of problem:
If you enter an at job from the command line, you will not be able to look at
what the job does without becoming root. You can use atq to determine when a
job will execute but not what it will do. Even if you know the name of the file
in /var/spool/at (which isn't displayed by atq), you still can't view it
because of the permissions.
Version-Release number of selected component (if applicable):
atq should display the name of a file that is viewable by the user or there
should be an "atcat" command which will display the contents of the file when
given the specified at job number.
In Solaris 7, atq displays:
Rank Execution Date Owner Job Queue Job Name
1st Mar 8, 2003 06:11 stephen 1047132712.a a stdin
2nd Mar 8, 2003 07:10 stephen 1047136255.a a stdin
3rd Mar 9, 2003 06:11 stephen 1047219109.a a stdin
4th Mar 9, 2003 07:10 stephen 1047222647.a a stdin
5th Mar 10, 2003 06:11 stephen 1047305511.a a stdin
6th Mar 10, 2003 06:12 stephen 1047305530.a a stdin
7th Mar 10, 2003 07:10 stephen 1047309049.a a stdin
8th Mar 10, 2003 07:11 stephen 1047309060.a a stdin
9th Mar 11, 2003 06:11 stephen 1047391918.a a stdin
10th Mar 11, 2003 07:11 stephen 1047395474.a a stdin
11th Mar 12, 2003 06:11 stephen 1047478312.a a stdin
12th Mar 12, 2003 07:10 stephen 1047481855.a a stdin
13th Mar 13, 2003 06:11 stephen 1047564709.a a stdin
14th Mar 13, 2003 07:10 stephen 1047568247.a a stdin
15th Mar 14, 2003 06:11 stephen 1047651111.a a stdin
16th Mar 14, 2003 07:10 stephen 1047654649.a a stdin
I can then do:
to display the contents of the job.
I'm not sure what the full implications of lightening the
permissions on /var/spool/at/ would be (say to 701), but
perhaps "atcat" would be more useful anyway?
"atcat" would also mean users wouldn't have to see the actual
job filenames themselves making the "interface" more opaque.
Just clearing out old bugs here.
This problem does appear to be fixed with latest versions of at
in all releases . atq lets you see all the jobs in your queue -
only root may look at jobs in other queues. at -c <job id> does
output the job contents correctly to non-root users.