crontabs

C

Chrysalis

Verified User
Joined
Aug 25, 2004
Messages
1,340
Location
uk
I noticed when wondering around the user control panel that crontabs can be added, isn't this a major security risk as in the user uploads a shell script and simply adds a crontab entry for it?

Or have I got the wrong end of the stick here.
 
The users' crontab can only operate with the user's priviliges.

Which means s/he can't do damage to any files but his/her own.

Of course many files on the system are world readable, but in general the user can't do more with a crontab than s/he can do with a php program.

Jeff
 
not sure if there is a reason for a user needing a crontab if they dont have shell access anyway, I would like this feature to be an option that can be turned off.
 
I can think of a couple of instances where userland cron is important (g/f uses it on phpBB based auction mod, former client uses it to move/cull data from a futures trading site, etc), but I agree that toggling the ability on/off via admin would be a good addition.

Be well, TR
 
You must log in or register to reply here.
Back
Top