security concern around adding cron user to web application group
I have a permissions issue on my CentOS 5.6 machine with regards to the cron user.
On my test/staging environment my cron user (picco-cron) is a member of one group - picco-cron, as below:
My cron user is pretty much exactly what it sounds like. A user created for the purposes solely of running cron jobs.
My question is - is there a security issue around letting the "cron" user have access to writing to 90% of the directories in my application? Is it as simple as to add picco-cron to the dev group or is there a security concern here?
|All times are GMT +1. The time now is 04:35 PM.|
Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.