On Sun, Jan 29, 2017 at 12:15 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> On 29/01/2017 18:30, Mike Gilbert wrote:
>> On Sun, Jan 29, 2017 at 3:43 AM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
>>>> The password can be in a file, and read into a shell variable.
>>>
>>> I already said cron has to launch any script or command that exists.
>>> Cron cannot dictate what form a command must have as the command already
>>> exists, it can only try and improve things overall
>>
>> Any command that requires sensitive information be passed on the
>> command line is broken by design and should not be used.
>>
>
>
> I agree. But you, like Ian, are not actually understanding what I'm saying.
>
> I'm not advocating using such a program, I'm saying cron has to deal
> with the fact that they exist. Now, I haven't said yet where such
> garbage might exist, but I know a place where they thrive:
>
> inside corporates, written inhouse, sources long gone, no updates
> possible, no budget to rewrite, no appetite to fix from the overlords.

I would expect the sysadmin to deal with it by setting a restrictive
mode on the /etc/cron* files themselves.

Relying on the directory mode set by the distro to hide the files is foolish.