Bug#767894: More permission issues

Alexandre Detiste alexandre.detiste at gmail.com
Tue Nov 4 09:11:07 GMT 2014


> Generally, user crontabs are only visible by the owner.

Ok, from now on [1], systemd-cron does its best to keep those secret:
-) the crontab line is no longer in the job description
-) "chmod o-r /run/systemd/generator/cron-<user>-<user>-#.(timer|service)"

"systemctl status" is fixed; and an ordinary user doesn't have access
to the journal.

But, this is not enough; systemd will still leak the info with
"systemctl show cron-<user>-<user>-0.service -p ExecStart"

You may wish to file a bug/wishlist against systemd.

So, if a user really wants to keep his job secret from other users,
it should be stored in /home/user/bin/ and called from his crontab.
The other users will know that the job exists, but won't know its contents.

Alexandre

[1] https://github.com/systemd-cron/systemd-cron/commit/2bb61a6b10d5bdc956a830f368ecdea8e1426681
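
An audit of the two file-permission points in the message above, as an added example that is not part of the original mail or of systemd-cron. The function names and the `--audit` flag are hypothetical; GNU or BSD `find` is assumed. It checks mode bits only and does not cover the `systemctl show` exposure described in the message.

```shell
#!/bin/sh
# Added example (not systemd-cron code). Function names are hypothetical.

# Print every generated cron-<user>-<user>-#.(timer|service) unit in DIR
# that still has the "other" read bit set, i.e. where "chmod o-r" is missing.
world_readable_cron_units() {
    dir=${1:-/run/systemd/generator}
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type f \
        \( -name 'cron-*-*-*.timer' -o -name 'cron-*-*-*.service' \) \
        -perm -o=r -print
}

# Return 0 if the wrapper script called from the crontab exists and is not
# readable by "other"; return 1 otherwise. Other users can still see its
# path in ExecStart, but not its contents.
wrapper_is_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune -perm -o=r -print)" ]
}

# Run as: sh audit.sh --audit   (does nothing without the flag)
if [ "${1:-}" = "--audit" ]; then
    world_readable_cron_units
fi
```
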




More information about the Pkg-systemd-maintainers mailing list