I have a permissions issue on my CentOS 5.6 machine with regards to the cron user.
On my test/staging environment my cron user (picco-cron) is a member of one group - picco-cron, as below:
[crmpicco@1872-stage1 downloads]$ id picco-cron
uid=601(picco-cron) gid=601(picco-cron) groups=601(picco-cron)
Whereas, my development environment the same user, is a member of the dev group.
[root@dev53 dev_crmpicco]# id picco-cron
uid=503(picco-cron) gid=503(picco-cron) groups=503(picco-cron),555(dev)
The problem I have is that my PHP web application directories have a group of dev, which is correct, so on my development environment I can write/read to and from these directories as expected. However, on the test/staging environment I cannot as picco-cron is not a member of the dev group.
My cron user is pretty much exactly what it sounds like. A user created for the purposes solely of running cron jobs.
My question is - is there a security issue around letting the "cron" user have access to writing to 90% of the directories in my application? Is it as simple as to add picco-cron to the dev group or is there a security concern here?