crontab not able to read a user crontab from a file #7730

Open
ctheune opened this Issue May 6, 2015 · 10 comments

ctheune commented May 6, 2015

This has been reported on the mailing list previously and it also doesn't work for me:

http://lists.science.uu.nl/pipermail/nix-dev/2014-September/014120.html

[vagrant@nixos-14_12-i686:~]$ crontab  /home/vagrant/deployment/work/crontab/crontab
cannot chdir(/var/cron), bailing out.
/var/cron: Permission denied

There is a temporary change of the UID when passing a file and I guess this fails to switch back. If you pass the file via stdin, everything is fine:

[vagrant@nixos-14_12-i686:/var/setuid-wrappers]$ crontab - <  /home/vagrant/deployment/work/crontab/crontab

I'm not sure which variation of HAVE_SAVED_UIDS is in place and why it doesn't fail hard switching back. Sounds like it's accidentally switching back to the wrong UIDs.

Help? :)

zimbatm commented Mar 1, 2016

How is crontab installed as a suid wrapper? Installing nix-env -iA nixos.cron and then running:

$ crontab -e
/var/cron: No such file or directory
/var/cron: mkdir: Permission denied

edolstra commented Mar 1, 2016

@zimbatm On NixOS, cron is enabled by setting services.cron.enable, which provides the setuid wrapper.

zimbatm commented Mar 1, 2016

Okay, I can reproduce now but the second way also fails for me, in a different way:

$ echo * 0 0 * * echo hi > mycrontab
$ crontab mycrontab
cannot chdir(/var/cron), bailing out.
/var/cron: Permission denied
$ crontab - < mycrontab
"-":1: bad day-of-month
errors in crontab file, can't install.

zimbatm commented Mar 1, 2016

Comparing strace outputs, a bunch of syscalls are added when accessing the file directly between the close() and stat(). I think it's trying to drop privileges so you can start loading any file on the system.

[pid 13814] close(4)                    = 0
[pid 13814] close(3)                    = 0
[pid 13814] getegid()                   = 100
[pid 13814] geteuid()                   = 0
[pid 13814] getgid()                    = 100
[pid 13814] setresgid(-1, 100, -1)      = 0
[pid 13814] getuid()                    = 1000
[pid 13814] setresuid(-1, 1000, -1)     = 0
[pid 13814] open("woot.txt", O_RDONLY)  = 3
[pid 13814] getgid()                    = 100
[pid 13814] setresgid(-1, 100, -1)      = 0
[pid 13814] getuid()                    = 1000
[pid 13814] setresuid(-1, 1000, -1)     = 0
[pid 13814] stat("/var/cron", {st_mode=S_IFDIR|0710, st_size=4096, ...}) = 0
[pid 13814] chdir("/var/cron")          = -1 EACCES (Permission denied)
[pid 13814] write(2, "cannot chdir(/var/cron), bailing"..., 38cannot chdir(/var/cron), bailing out.
) = 38

My uid/gid is 1000 and 100 by the way.
http://man7.org/linux/man-pages/man2/setresuid.2.html
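
Added example (not part of the thread and not cron's own code): replaying the UID-related lines of the strace output above shows which effective UID each later call ran under, and reports calls that were denied while the effective UID differed from the one the process started with. The function names are illustrative, and the gid calls are left out of the sample.

```python
import re

# UID-related lines copied from the strace output quoted above (gid calls omitted).
TRACE = """\
[pid 13814] geteuid()                   = 0
[pid 13814] getuid()                    = 1000
[pid 13814] setresuid(-1, 1000, -1)     = 0
[pid 13814] open("woot.txt", O_RDONLY)  = 3
[pid 13814] getuid()                    = 1000
[pid 13814] setresuid(-1, 1000, -1)     = 0
[pid 13814] stat("/var/cron", {st_mode=S_IFDIR|0710, st_size=4096, ...}) = 0
[pid 13814] chdir("/var/cron")          = -1 EACCES (Permission denied)
"""

# syscall(args) = ret [ERRNO ...], with an optional "[pid N]" prefix
CALL = re.compile(r"(?:\[pid\s+\d+\]\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z]+))?")
DENIED = {"EACCES", "EPERM"}

def replay(trace):
    """Return (start_euid, events); each event is (syscall, euid_at_call, errno)."""
    cred = {"ruid": None, "euid": None, "suid": None}  # None = not yet observed
    start_euid, events = None, []
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, ret, errno = m[1], m[2], int(m[3]), m[4]
        if name == "getuid":
            cred["ruid"] = ret
        elif name == "geteuid":
            cred["euid"] = ret
            if start_euid is None:
                start_euid = ret
        elif name == "setresuid":
            if ret == 0:  # an argument of -1 leaves that ID unchanged
                for key, val in zip(("ruid", "euid", "suid"), args.split(",")):
                    if int(val) != -1:
                        cred[key] = int(val)
        else:
            events.append((name, cred["euid"], errno))
    return start_euid, events

def denied_without_privilege(trace):
    """Calls refused while the euid differed from the one the process started with."""
    start, events = replay(trace)
    return [e for e in events if e[2] in DENIED and e[1] != start]

if __name__ == "__main__":
    for name, euid, errno in denied_without_privilege(TRACE):
        print(f"{name}() failed with {errno} while euid={euid}")
```

On this trace the second setresuid() sets the effective UID to 1000 again, so chdir("/var/cron") runs as UID 1000 instead of the starting effective UID 0.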

edolstra commented Mar 1, 2016

@ctheune Does /var/cron/tabs exist? You may also need to create /var/cron/cron.deny as an empty file.

r14c commented Aug 14, 2016

I'm having the same issue, and for me both of those files exist.

marsam commented Jun 12, 2017

FWIW I also had:

$ crontab -e
/var/cron: No such file or directory
/var/cron: mkdir: Permission denied

My problem was that /run/wrappers/bin was not in $PATH.

stefano-m commented Apr 26, 2018

@edolstra crontab does not seem to work even when using the -u option as root (fails to find the vi executable). Maybe this is a low-hanging fruit that would help some users?

$ nix-info -m
 - system: `"x86_64-linux"`
 - host os: `Linux 4.14.35, NixOS, 18.03.132083.06c576b0525 (Impala)`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.0`
 - channels(root): `"nixos-18.03.132083.06c576b0525"`
 - channels(myuser): `"unstable-18.09pre137816.255a833e841"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs`

$ nix-channel --list
unstable https://nixos.org/channels/nixpkgs-unstable

$ whoami
myuser

$ nix-env -iA unstable.cron

$ sudo crontab -u myuser -e
/var/cron: No such file or directory
/var/cron: created
tabs: No such file or directory
tabs: created
no crontab for myuser - using an empty one
/bin/sh: /usr/bin/vi: No such file or directory
crontab: "/usr/bin/vi" exited with status 127

stefano-m commented Apr 26, 2018

On the other hand, if I run the command with sudo -i and I have cron installed by root, it works.

stefano-m commented Apr 26, 2018

The issue is that if crontab does not find the EDITOR env var, it falls back to vi (that's hard coded in the crontab binary).
