A user asked me to add his autorank pro scripts to my daily cron.

Is it completely save to do this or will i risk any problems ?



Thanks

Your user can run cron jobs under his ownership which is better security, you will need to give him a shell account though, so he can run crontab.

Never run a script for an untrusted user as root. If you must, make sure that the script cannot be accessed by anybody but root. If you enter a cron job as root for a script owned by somebody else, the script will run as root, but can be edited by the owner, thus opening significant security risk. Give the user a shell account and run the script under the username of the account. This will prevent the script from accessing system resources beyond those available to user in the shell.

Er.. Yea! That what I meant :D

I guess you could enable shell access on his account, telnet in and setup the cron then disable shell again? I assume this would work.

I say this because I'm a bit skeptical about giving shell access out on our machines.

But as the others say, don't add it to your root cron jobs. Make sure its a separate job run under his user account.

>>c0bra, i did exactly that.

But when i was logged in as my user, i noticed that i could do "ls" at the /sites dir, and list all clients.
i could walk around the system and "ls" where i wanted !

Is this normal ?

But when i was logged in as my user, i noticed that i could do "ls" at the /sites dir, and list all clients.
i could walk around the system and "ls" where i wanted !

Is this normal ?


Yes.

If you are letting users have telnet then it is important to have an aggreement with them that they stay in their own directory.

And make sure you monitor their .bash_history file and see what they are up too.