| #!/bin/sh |
| # |
| # Copyright (c) International Business Machines Corp., 2003 |
| # |
| # This program is free software; you can redistribute it and/or modify |
| # it under the terms of the GNU General Public License as published by |
| # the Free Software Foundation; either version 2 of the License, or |
| # (at your option) any later version. |
| # |
| # This program is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| # the GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with this pronram; if not, write to the Free Software |
| # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| # |
| # FILE: /var/spool/cron/allow |
| # |
| # PURPOSE: Test that /var/spool/cron/allow , only allows those in the file to run cron jobs. |
| # |
| # HISTORY: |
| # 04/03 Jerone Young (jyoung5@us.ibm.com) |
| # |
| |
| iam=`whoami` |
| |
| tvar=${MACHTYPE%-*} |
| tvar=${tvar#*-} |
| |
| if [ "$tvar" = "redhat" -o "$tvar" = "redhat-linux" ] |
| then |
| CRON_ALLOW="/etc/cron.allow" |
| else |
| CRON_ALLOW="/var/spool/cron/allow" |
| fi |
| |
| TEST_USER1="ca_user1" |
| TEST_USER1_HOME="/home/$TEST_USER1" |
| TEST_USER2="ca_user2" |
| TEST_USER2_HOME="/home/$TEST_USER2" |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: do_setup |
| #----------------------------------------------------------------------- |
| |
| do_setup() { |
| #move any files that may get in the way |
| rm /tmp/cron_allow_test > /dev/null 2>&1 |
| rm /tmp/cron_allow_test1 > /dev/null 2>&1 |
| mv $CRON_ALLOW $CRON_ALLOW.old > /dev/null 2>&1 |
| |
| #remove users for clean enviroment |
| su $TEST_USER1 -c "crontab -r" |
| su $TEST_USER2 -c "crontab -r" |
| rm -rf /home/$TEST_USER1 |
| rm -rf /home/$TEST_USER2 |
| userdel $TEST_USER1 |
| userdel $TEST_USER2 |
| sleep 1 |
| |
| #create 1st user |
| useradd -m -g users $TEST_USER1 |
| if [ $? != 0 ] |
| then { |
| echo "Could not add test user $TEST_USER1 to system." |
| exit 1 |
| } |
| fi |
| |
| #create 2nd user |
| useradd -m -g users $TEST_USER2 |
| if [ $? != 0 ] |
| then { |
| echo "Could not add test user $TEST_USER2 to system." |
| exit 1 |
| } |
| fi |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: do_cleanup |
| #----------------------------------------------------------------------- |
| do_cleanup(){ |
| su $TEST_USER1 -c "crontab -r" |
| su $TEST_USER2 -c "crontab -r" |
| rm -rf /home/$TEST_USER1 |
| rm -rf /home/$TEST_USER2 |
| userdel $TEST_USER1 |
| userdel $TEST_USER2 |
| rm $CRON_ALLOW |
| mv $CRON_ALLOW.old $CRON_ALLOW > /dev/null 2>&1 |
| rm /tmp/cron_allow_test >/dev/null 2>&1 |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: run_test |
| #----------------------------------------------------------------------- |
| run_test() { |
| |
| if [ $iam = $TEST_USER1 ] |
| then |
| echo "TEST: $CRON_ALLOW should only allow those in the file to |
| run cron jobs." |
| |
| echo "(1) TEST THAT PERSON IN $CRON_ALLOW IS ABLE TO RUN JOB." |
| |
| echo "backup crontab...." |
| crontab -l | grep '^[^#]' > /tmp/crontab-cronallow-save-$iam |
| |
| crontab - << EOF |
| `date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_allow_test 2>&1 |
| EOF |
| if [ $? != 0 ]; then |
| echo Error while adding crontab for user $TEST_USER1 |
| exit 1 |
| fi |
| |
| echo "sleeping for 130 seconds...." |
| sleep 130 |
| |
| EXIT_CODE=1 |
| test -e /tmp/cron_allow_test && EXIT_CODE=0 |
| |
| if [ $EXIT_CODE = 1 ]; then |
| echo "Cron did not allow user to execute job , TEST FAILED" |
| else |
| echo "Cron allowed user to execute test job, TEST PASSED" |
| fi |
| |
| echo "restore old crontab..." |
| crontab /tmp/crontab-cronallow-save-$iam |
| rm -f /tmp/crontab-cronallow-save-$iam |
| |
| |
| rm -f /tmp/cron_allow_test |
| |
| exit $EXIT_CODE |
| fi |
| |
| if [ $iam = $TEST_USER2 ] |
| then |
| echo "(2) TEST THAT PERSON NOT IN $CRON_ALLOW IS NOT ABLE TO RUN JOB." |
| |
| echo "backup crontab...." |
| crontab -l | grep '^[^#]' > /tmp/crontab-cronallow-save-$iam |
| |
| crontab - << EOF |
| `date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}'` echo "TEST JOB RAN" >> /tmp/cron_allow_test1 2>&1 |
| EOF |
| if [ $? != 0 ]; then |
| echo Error while adding crontab for user $TEST_USER2 |
| fi |
| |
| echo "sleeping for 130 seconds...." |
| sleep 130 |
| |
| EXIT_CODE=0 |
| test -e /tmp/cron_allow_test1 && EXIT_CODE=1 |
| |
| if [ $EXIT_CODE = 0 ]; then |
| echo "Cron did not allow user to execute job , TEST PASSED" |
| else |
| echo "Cron allowed user to execute test job, TEST FAILED" |
| fi |
| |
| echo "restore old crontab..." |
| crontab /tmp/crontab-cronallow-save-$iam |
| rm -f /tmp/crontab-cronallow-save-$iam |
| |
| rm -f /tmp/cron_allow_test1 |
| |
| exit $EXIT_CODE |
| fi |
| |
| } |
| |
| #----------------------------------------------------------------------- |
| # FUNCTION: main |
| #----------------------------------------------------------------------- |
| if [ $iam = "root" ] |
| then |
| do_setup |
| echo $TEST_USER1 > $CRON_ALLOW |
| EXIT_CODE=0 |
| su $TEST_USER1 -c "$0" |
| if [ $? != 0 ] |
| then |
| EXIT_CODE=1 |
| fi |
| su $TEST_USER2 -c "$0" |
| if [ $? != 0 ] |
| then EXIT_CODE=1 |
| fi |
| do_cleanup |
| exit $EXIT_CODE |
| else |
| run_test |
| fi |