#!/bin/bash # # Copyright (c) International Business Machines Corp., 2003 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See # the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # # FILE: /var/spool/cron/allow # # PURPOSE: Test that /var/spool/cron/allow , only allows those in the file to run cron jobs. # # HISTORY: # 04/03 Jerone Young (jyoung5@us.ibm.com) # echo "This script contains bashism that needs to be fixed!" iam=`whoami` tvar=${MACHTYPE%-*} tvar=${tvar#*-} if [ "$tvar" = "redhat" -o "$tvar" = "redhat-linux" ] then CRON_ALLOW="/etc/cron.allow" else CRON_ALLOW="/var/spool/cron/allow" fi TEST_USER1="ca_user1" TEST_USER1_HOME="/home/$TEST_USER1" TEST_USER2="ca_user2" TEST_USER2_HOME="/home/$TEST_USER2" #----------------------------------------------------------------------- # FUNCTION: do_setup #----------------------------------------------------------------------- do_setup() { #move any files that may get in the way rm /tmp/cron_allow_test > /dev/null 2>&1 rm /tmp/cron_allow_test1 > /dev/null 2>&1 mv $CRON_ALLOW $CRON_ALLOW.old > /dev/null 2>&1 #remove users for clean enviroment su $TEST_USER1 -c "crontab -r" su $TEST_USER2 -c "crontab -r" rm -rf /home/$TEST_USER1 rm -rf /home/$TEST_USER2 userdel $TEST_USER1 userdel $TEST_USER2 sleep 1 #create 1st user useradd -m -g users $TEST_USER1 if [ $? != 0 ] then { echo "Could not add test user $TEST_USER1 to system." exit 1 } fi #create 2nd user useradd -m -g users $TEST_USER2 if [ $? != 0 ] then { echo "Could not add test user $TEST_USER2 to system." exit 1 } fi } #----------------------------------------------------------------------- # FUNCTION: do_cleanup #----------------------------------------------------------------------- do_cleanup(){ su $TEST_USER1 -c "crontab -r" su $TEST_USER2 -c "crontab -r" rm -rf /home/$TEST_USER1 rm -rf /home/$TEST_USER2 userdel $TEST_USER1 userdel $TEST_USER2 rm $CRON_ALLOW mv $CRON_ALLOW.old $CRON_ALLOW > /dev/null 2>&1 rm /tmp/cron_allow_test >/dev/null 2>&1 } #----------------------------------------------------------------------- # FUNCTION: run_test #----------------------------------------------------------------------- run_test() { if [ $iam = $TEST_USER1 ] then echo "TEST: $CRON_ALLOW should only allow those in the file to run cron jobs." echo "(1) TEST THAT PERSON IN $CRON_ALLOW IS ABLE TO RUN JOB." echo "backup crontab...." crontab -l | grep '^[^#]' > /tmp/crontab-cronallow-save-$iam crontab - << EOF `date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_allow_test 2>&1 EOF if [ $? != 0 ]; then echo Error while adding crontab for user $TEST_USER1 exit 1 fi echo "sleeping for 130 seconds...." sleep 130 EXIT_CODE=1 test -e /tmp/cron_allow_test && EXIT_CODE=0 if [ $EXIT_CODE = 1 ]; then echo "Cron did not allow user to execute job , TEST FAILED" else echo "Cron allowed user to execute test job, TEST PASSED" fi echo "restore old crontab..." crontab /tmp/crontab-cronallow-save-$iam rm -f /tmp/crontab-cronallow-save-$iam rm -f /tmp/cron_allow_test exit $EXIT_CODE fi if [ $iam = $TEST_USER2 ] then echo "(2) TEST THAT PERSON NOT IN $CRON_ALLOW IS NOT ABLE TO RUN JOB." echo "backup crontab...." crontab -l | grep '^[^#]' > /tmp/crontab-cronallow-save-$iam crontab - << EOF `date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_allow_test1 2>&1 EOF if [ $? != 0 ]; then echo Error while adding crontab for user $TEST_USER2 fi echo "sleeping for 130 seconds...." sleep 130 EXIT_CODE=0 test -e /tmp/cron_allow_test1 && EXIT_CODE=1 if [ $EXIT_CODE = 0 ]; then echo "Cron did not allow user to execute job , TEST PASSED" else echo "Cron allowed user to execute test job, TEST FAILED" fi echo "restore old crontab..." crontab /tmp/crontab-cronallow-save-$iam rm -f /tmp/crontab-cronallow-save-$iam rm -f /tmp/cron_allow_test1 exit $EXIT_CODE fi } #----------------------------------------------------------------------- # FUNCTION: main #----------------------------------------------------------------------- if [ $iam = "root" ] then do_setup echo $TEST_USER1 > $CRON_ALLOW EXIT_CODE=0 su $TEST_USER1 -c "$0" if [ $? != 0 ] then EXIT_CODE=1 fi su $TEST_USER2 -c "$0" if [ $? != 0 ] then EXIT_CODE=1 fi do_cleanup exit $EXIT_CODE else run_test fi