community/fcron rights/permission problem
Hi, I tried to use fcron with 3.13 (both as a docker image and in a virtual machine installed with the iso) because of its ability to work like anacron, but could not set crontab.
when running fcrontab -e as root, the editor opens, but after closing the editor it runs into
ERROR could not open /etc/fcron/fcron.allow: Permission denied
debugging with strace reveals, that it is a problem of the subprocess /usr/bin/fcronsighup:
2021-01-29 22:46:58 ERROR could not open /etc/fcron/fcron.allow: Permission denied 2021-01-29 22:46:58 ERROR fcron child aborted: this does not affect the main fcron daemon, but this may prevent a job from being run or an email from being sent.
which is strange because drwxr-xr-x 2 root root 4096 Jan 29 21:23 /etc/fcron/ -rw-r----- 1 root fcron 253 Jun 2 2020 /etc/fcron/fcron.allow -rw-r----- 1 root fcron 653 Jun 2 2020 /etc/fcron/fcron.conf ---s--x--- 1 root fcron 30472 Jun 2 2020 /usr/bin/fcronsighup*
so fcronsighup should be able to read that file, especially when run as root.
But then, strace again, shows the problem: setresuid(-1,101,-1) then access to /etc/fcron/fcron.conf gets a permission denied, and a later access to /etc/fcron/fcron.conf fails as well
Further Analysis shows /etc/passwd: fcron:x:101:65533:fcron:/home/fcron:/sbin/nologin
and /etc/group fcron:x:101: nogroup:x:65533:fcron
so /etc/passwd has a wrong group number, but this doesn't help
chmod a+r /etc/fcron/* solves the first problem, so it seems that setresuid spoils the g+s mod of /usr/bin/fcronsighup and puts the process into uid fcron and thus unable to read the config files
even then, when trying to set a user's crontab as root with
fcrontab -e -u username I get an error that it can't change egid