1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#!/bin/sh
set -e
crondir="/var/spool/cron"
action="$1"
#DEBHELPER#
if [ "$action" != configure ]; then
exit 0
fi
# Add group for crontabs
getent group crontab > /dev/null 2>&1 || addgroup --system crontab
# Fixup crontab , directory and files for new group 'crontab'.
# Can't use dpkg-statoverride for this because it doesn't cooperate nicely
# with cron alternatives such as bcron
if [ -d $crondir/crontabs ] ; then
chown root:crontab $crondir/crontabs
chmod 1730 $crondir/crontabs
# This used to be done conditionally. For versions prior to "3.0pl1-81"
# It has been disabled to suit cron alternative such as bcron.
cd $crondir/crontabs
set +e
# Iterate over each entry in the spool directory, perform some sanity
# checks (see CVE-2017-9525), and chown/chgroup the crontabs
for tab_name in *
do
[ "$tab_name" = "*" ] && continue
tab_links=`stat -c '%h' "$tab_name"`
tab_owner=`stat -c '%U' "$tab_name"`
if [ ! -f "$tab_name" ]
then
echo "Warning: $tab_name is not a regular file!"
continue
elif [ "$tab_links" -ne 1 ]
then
echo "Warning: $tab_name has more than one hard link!"
continue
elif [ "$tab_owner" != "$tab_name" ]
then
echo "Warning: $tab_name name differs from owner $tab_owner!"
continue
fi
chown "$tab_owner:crontab" "$tab_name"
chmod 600 "$tab_name"
done
set -e
fi
|
