crontab is no longer setuid root, it is now setgid crontab.

These changes were modelled after the Owl version of vixie-cron,
but developed independently.

Our crontab used to send cron SIGUSR1 to tell cron to reread the
spool dir.  Now that crontab is not setuid root this doesn't work.
Instead, crontab pokes cron via a Unix domain socket located in the
tabs dir.

Please note, after these changes, the owner on user crontab files
will have to be changed manually from root to the uid of the
corresponding user for crontab to be usable.  cron itself will accept
tab files owned by either root or the user.
Also, any /var/cron/{allow,deny} files must be readable by group crontab.

1 files changed, 7 insertions, 1 deletions

diff --git a/usr.sbin/cron/pathnames.h b/usr.sbin/cron/pathnames.h
index ed727d6cf5d..aaeed25c41f 100644
--- a/usr.sbin/cron/pathnames.h
+++ b/usr.sbin/cron/pathnames.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pathnames.h,v 1.4 2001/10/24 17:28:16 millert Exp $	*/
+/*	$OpenBSD: pathnames.h,v 1.5 2002/05/09 21:22:01 millert Exp $	*/
 
 /* Copyright 1993,1994 by Paul Vixie
  * All rights reserved
@@ -38,6 +38,12 @@
 			 */
 #define SPOOL_DIR	"tabs"
 
+			/* CRONSOCK is the name of the socket used by crontab
+			 * to poke cron while it is sleeping to re-read the
+			 * cron spool files.  It lives in the spool directory.
+			 */
+#define CRONSOCK	".sock"
+
 			/* undefining these turns off their features.  note
 			 * that ALLOW_FILE and DENY_FILE must both be defined
 			 * in order to enable the allow/deny code.  If neither