Cannot edit crontab as non root user
$ ls -l /usr/bin/crontab -rwsr-xr-x 1 root root 36K Jul 3 2012 /usr/bin/crontab
The ownership and permission should actually be
-rwxr-sr-x 1 root crontab 35880 Jul 3 2012 /usr/bin/crontab
Since Debian sarge, crontab
is setgid crontab, not setuid root, as requested in bug #18333.
This is the cause of your problem: the crontab
program expects to run setgid, not setuid, so it creates the temporary file as the user and group it's running as, which are root
and the caller's primary group instead of the calling user and the crontab
group.
Reinstall the cron
package:
apt-get --reinstall install cron
(as root). Check that /var/spool/cron/crontabs
has the correct permissions and ownership:
drwx-wx--T 2 root crontab 4096 Oct 8 2013 /var/spool/cron/crontabs
In the future, don't mess with permissions of system files.
Related videos on Youtube
Thurion
Updated on September 18, 2022Comments
-
Thurion over 1 year
When I use the command
crontab -e
on my Debian server as a non root user (in this case as postgres), I can't edit it because of"/tmp/crontab.SJlY0Y/crontab" [Permission Denied]
crontab -l
on the other hand works fine. How can I fix this problem?Here are the current permissions:
$ ls -l /tmp/crontab.SJlY0Y/crontab -rw------- 1 root postgres 1.2K Aug 3 11:44 /tmp/crontab.SJlY0Y/crontab $ ls -l /var/spool/cron total 12K drwxrwx--T 2 daemon daemon 4.0K Sep 12 2012 atjobs drwxrwx--T 2 daemon daemon 4.0K Jun 9 2012 atspool drwx-wx--T 2 root crontab 4.0K Aug 3 11:15 crontabs $ ls -l /var/spool/cron/crontabs total 12K -rw------- 1 git crontab 1.3K Mar 2 16:48 git -rw------- 1 postgres crontab 1.4K Aug 3 11:15 postgres -rw------- 1 root root 2.3K Jul 20 20:32 root $ ls -l /usr/bin/crontab -rwsr-xr-x 1 root root 36K Jul 3 2012 /usr/bin/crontab $ ls -ld /tmp/ drwxrwxrwt 6 root root 4.0K Aug 3 11:43 /tmp/
-
Alen Milakovic over 9 yearsThe presence of
postgres
inls -l /tmp/crontab.SJlY0Y/crontab
is unexpected. Can you think of any reason why it should he there? -
beans over 9 yearsSince the crontab is for the postgres user, I was expecting the postgres user and group to own it, so that is why I'm suggesting that the group should have permission to read and write
-
Alen Milakovic over 9 years@beans Sorry, I was not paying attention - didn't notice the user was postgres.
-
garethTheRed over 9 yearsWhat is the permissions on your
/tmp
directory? It should bedrwxrwxrwt
. -
Gilles 'SO- stop being evil' over 9 years@beans The group shouldn't be allowed to access that file, otherwise another user in that group could view or modify the crontab. The permissions on the temporary file are correct, it's the ownership that's wrong: it should be owned by
postgres:crontab
. Since it's a temporary file, changing its permissions manually would be a one-time fix only; the solution requires finding why the ownership is wrong. -
Alaa Ali over 9 yearsThe man pages of crontab says that
su can confuse crontab
, and you're most likely logged intopostgres
usingsu
. Can you try editing the crontab usingcrontab -u postgres -e
? Also, are there other error lines than thePermission Denied
you mentioned? -
Thurion over 9 yearsRe-installing crontab (as Gilles wrote) helped. When I look now at the permission of the file in /tmp it's seems to be correct:
drwx------ 2 postgres crontab 4.0K Aug 4 03:21 crontab.gsOZJk
-
-
Thurion over 9 yearsUnfortunately I don't know what caused this mess. I don't change permission of system files unless something is not working.
-
eyoung100 over 9 yearsTry using
sudo apt-get --reinstall install cron