CodingForums.com


crmpicco 01-04-2013 03:10 PM

security concern around adding cron user to web application group
 
I have a permissions issue on my CentOS 5.6 machine with regard to the cron user.

On my test/staging environment my cron user (picco-cron) is a member of one group - picco-cron, as below:

Code:

[crmpicco@1872-stage1 downloads]$ id picco-cron
uid=601(picco-cron) gid=601(picco-cron) groups=601(picco-cron)

Whereas, on my development environment, the same user is a member of the dev group.

Code:

[root@dev53 dev_crmpicco]# id picco-cron
uid=503(picco-cron) gid=503(picco-cron) groups=503(picco-cron),555(dev)

The problem I have is that my PHP web application directories have a group of dev, which is correct, so on my development environment I can write/read to and from these directories as expected. However, on the test/staging environment I cannot, as picco-cron is not a member of the dev group.

My cron user is pretty much exactly what it sounds like. A user created for the purposes solely of running cron jobs.

My question is - is there a security issue around letting the "cron" user have access to writing to 90% of the directories in my application? Is it as simple as adding picco-cron to the dev group or is there a security concern here?
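One way to measure what membership of the dev group would actually grant picco-cron before making the change, as an added example that is not part of the original post. The application root passed on the command line is an assumption, since the post gives no paths, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report what membership of a group lets an account modify.
# Usage (path is a placeholder, not from the post):
#   sh group_audit.sh /path/to/app dev

# group_writable ROOT GROUP
# Prints every file or directory under ROOT that belongs to GROUP and has
# the group-write bit set, i.e. what any member of GROUP can modify.
group_writable() {
    find "$1" -group "$2" -perm -020 \( -type f -o -type d \) -print 2>/dev/null
}

# group_writable_count ROOT GROUP
# Number of such paths (assumes no newlines in file names).
group_writable_count() {
    group_writable "$1" "$2" | wc -l | tr -d ' '
}

# group_writable_code ROOT GROUP
# Subset that the web server parses or executes: PHP files and .htaccess.
# An account that can rewrite these can change what the application runs,
# so these are the entries to review before granting membership.
group_writable_code() {
    find "$1" -group "$2" -perm -020 -type f \
        \( -name '*.php' -o -name '.htaccess' \) -print 2>/dev/null
}

# in_group USER GROUP
# Succeeds if USER is already a member of GROUP (same data as `id USER`).
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Report mode: only runs when ROOT and GROUP are given on the command line.
if [ "$#" -eq 2 ]; then
    echo "Paths under $1 writable through group $2: $(group_writable_count "$1" "$2")"
    echo "Of those, PHP/.htaccess files:"
    group_writable_code "$1" "$2"
fi
```

If the cron jobs only need a few of the listed directories, a narrower group on just those directories gives the same result with less write access than full dev membership.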

