In cron(8), require that crontab and at files in the spool be owned

by group crontab.  The at(1) command now creates files owned by
group crontab, the crontab(1) command already does this.

Files in the crontab spool with parse errors are now ignored;
crontab(1) will not install a crontab file with parse errors.
The system crontab file (/etc/crontab) is not affected by this.

The required permissions on crontab files have been tightened.
Files in the cron spool must be mode 0600 (as created by crontab(1)).
The system crontab file may be readable/writable by the owner,
readable by group and readable by other.  The system crontab must
be readable by the owner.

1 files changed, 2 insertions, 5 deletions

diff --git a/usr.bin/at/at.c b/usr.bin/at/at.c
index 7a9c63ddc17..16a96a7baf4 100644
--- a/usr.bin/at/at.c
+++ b/usr.bin/at/at.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: at.c,v 1.79 2017/03/18 02:58:54 deraadt Exp $	*/
+/*	$OpenBSD: at.c,v 1.80 2017/06/07 23:36:43 millert Exp $	*/
 
 /*
  *  at.c : Put file into atrun queue
@@ -217,9 +217,6 @@ writefile(const char *cwd, time_t runtimer, char queue)
 	if ((fd = newjob(runtimer, queue)) == -1)
 		fatal("unable to create atjob file");
 
-	if (fchown(fd, -1, user_gid) != 0)
-		fatal("fchown");
-
 	/*
 	 * We've successfully created the file; let's set the flag so it
 	 * gets removed in case of an interrupt or error.
@@ -256,7 +253,7 @@ writefile(const char *cwd, time_t runtimer, char queue)
 	}
 
 	(void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
-	    (unsigned long)user_uid, (unsigned long)user_gid,
+	    (unsigned long)user_uid, (unsigned long)spool_gid,
 	    MAX_UNAME, mailname, send_mail);
 
 	/* Write out the umask at the time of invocation */