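#!/bin/bash
#
# Copyright (c) International Business Machines Corp., 2003
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# FILE: /var/spool/cron/allow
#
# PURPOSE: Test that /var/spool/cron/allow , only allows those in the file to run cron jobs.
#
# HISTORY:
#   04/03 Jerone Young (jyoung5 (at] us.ibm.com)
#
# HOW IT RUNS:
#   Started as root, the script deletes and recreates the accounts ca_user1
#   and ca_user2, temporarily replaces the cron allow file with one that lists
#   only ca_user1, and then re-executes itself as each test user via su.
#   As a test user it installs a one-shot cron job and checks whether the job
#   left its marker file behind.
#
#   The marker files live under fixed names in /tmp. /tmp is world-writable,
#   so another local account could create or remove a marker during the wait
#   and change the verdict; run this only on a dedicated test host.
#

echo "This script contains bashism that needs to be fixed!"

iam=$(whoami)

# MACHTYPE looks like cpu-vendor-os; keep only the middle (vendor) part.
tvar=${MACHTYPE%-*}
tvar=${tvar#*-}

if [ "$tvar" = "redhat" ] || [ "$tvar" = "redhat-linux" ]; then
  CRON_ALLOW="/etc/cron.allow"
else
  CRON_ALLOW="/var/spool/cron/allow"
fi

TEST_USER1="ca_user1"
TEST_USER1_HOME="/home/$TEST_USER1"
TEST_USER2="ca_user2"
TEST_USER2_HOME="/home/$TEST_USER2"

#-----------------------------------------------------------------------
# FUNCTION: remove_test_users
# Drops the crontabs, home directories and accounts of both test users.
# Errors are expected (and ignored) when the accounts do not exist yet.
#-----------------------------------------------------------------------
remove_test_users() {
  su "$TEST_USER1" -c "crontab -r"
  su "$TEST_USER2" -c "crontab -r"
  # ${VAR:?} aborts instead of expanding to an empty path under rm -rf.
  rm -rf -- "${TEST_USER1_HOME:?}"
  rm -rf -- "${TEST_USER2_HOME:?}"
  userdel "$TEST_USER1"
  userdel "$TEST_USER2"
}

#-----------------------------------------------------------------------
# FUNCTION: do_setup
# Clears leftovers from earlier runs, moves the existing allow file aside
# and creates both test users. Exits 1 if a user cannot be created.
#-----------------------------------------------------------------------
do_setup() {
  # move any files that may get in the way
  rm /tmp/cron_allow_test > /dev/null 2>&1
  rm /tmp/cron_allow_test1 > /dev/null 2>&1
  mv "$CRON_ALLOW" "$CRON_ALLOW.old" > /dev/null 2>&1

  # remove users for clean environment
  remove_test_users
  sleep 1

  # create 1st and 2nd user
  for new_user in "$TEST_USER1" "$TEST_USER2"; do
    if ! useradd -m -g users "$new_user"; then
      echo "Could not add test user $new_user to system."
      exit 1
    fi
  done
}

#-----------------------------------------------------------------------
# FUNCTION: do_cleanup
# Removes the test users and puts the original allow file back. Installed
# as the EXIT trap of the root run, so the host's cron access list is
# restored on every exit path, including a failed do_setup.
#-----------------------------------------------------------------------
do_cleanup() {
  remove_test_users
  rm -f -- "$CRON_ALLOW"
  mv "$CRON_ALLOW.old" "$CRON_ALLOW" > /dev/null 2>&1
  rm /tmp/cron_allow_test > /dev/null 2>&1
  rm /tmp/cron_allow_test1 > /dev/null 2>&1
}

#-----------------------------------------------------------------------
# FUNCTION: backup_crontab
# Saves the caller's crontab (comment lines stripped) into a private
# mktemp file instead of a predictable /tmp name; the path is left in
# CRONTAB_SAVE.
#-----------------------------------------------------------------------
backup_crontab() {
  echo "backup crontab...."
  CRONTAB_SAVE=$(mktemp /tmp/crontab-cronallow-save-XXXXXX) || {
    echo "Could not create temporary file for crontab backup" >&2
    exit 1
  }
  crontab -l | grep '^[^#]' > "$CRONTAB_SAVE"
}

#-----------------------------------------------------------------------
# FUNCTION: restore_crontab
# Reinstalls the crontab saved by backup_crontab and deletes the backup.
#-----------------------------------------------------------------------
restore_crontab() {
  echo "restore old crontab..."
  crontab "$CRONTAB_SAVE"
  rm -f -- "$CRONTAB_SAVE"
}

#-----------------------------------------------------------------------
# FUNCTION: install_test_job
# Installs a crontab whose single job fires two minutes from now and
# appends a line to the marker file given as $1.
# Returns the exit status of crontab.
#-----------------------------------------------------------------------
install_test_job() {
  job_marker=$1
  crontab - << EOF
$(date '+%M' | awk '{ORS=""; print ($1+2)%60 " * * * * "}') echo "TEST JOB RAN" >> $job_marker 2>&1
EOF
}

#-----------------------------------------------------------------------
# FUNCTION: run_test
# Runs the check that belongs to the current (non-root) user and exits
# with its verdict: 0 = passed, 1 = failed.
#-----------------------------------------------------------------------
run_test() {

  if [ "$iam" = "$TEST_USER1" ]; then
    echo "TEST: $CRON_ALLOW should only allow those in the file to
run cron jobs."

    echo "(1) TEST THAT PERSON IN $CRON_ALLOW IS ABLE TO RUN JOB."

    backup_crontab

    if ! install_test_job /tmp/cron_allow_test; then
      echo "Error while adding crontab for user $TEST_USER1"
      rm -f -- "$CRONTAB_SAVE"
      exit 1
    fi

    echo "sleeping for 130 seconds...."
    sleep 130

    # The listed user passes only if the job actually ran.
    if [ -e /tmp/cron_allow_test ]; then
      EXIT_CODE=0
      echo "Cron allowed user to execute test job, TEST PASSED"
    else
      EXIT_CODE=1
      echo "Cron did not allow user to execute job , TEST FAILED"
    fi

    restore_crontab
    rm -f /tmp/cron_allow_test

    exit $EXIT_CODE
  fi

  if [ "$iam" = "$TEST_USER2" ]; then
    echo "(2) TEST THAT PERSON NOT IN $CRON_ALLOW IS NOT ABLE TO RUN JOB."

    backup_crontab

    # A refusal here is the outcome the test hopes for, so it is reported
    # but does not end the run; the marker check below decides the verdict.
    if ! install_test_job /tmp/cron_allow_test1; then
      echo "Error while adding crontab for user $TEST_USER2"
    fi

    echo "sleeping for 130 seconds...."
    sleep 130

    # The unlisted user passes only if no job ran.
    if [ -e /tmp/cron_allow_test1 ]; then
      EXIT_CODE=1
      echo "Cron allowed user to execute test job, TEST FAILED"
    else
      EXIT_CODE=0
      echo "Cron did not allow user to execute job , TEST PASSED"
    fi

    restore_crontab
    rm -f /tmp/cron_allow_test1

    exit $EXIT_CODE
  fi

}

#-----------------------------------------------------------------------
# FUNCTION: main
#-----------------------------------------------------------------------
if [ "$iam" = "root" ]; then
  # Restore the allow file and remove the test accounts however we leave.
  trap do_cleanup EXIT
  trap 'exit 1' HUP INT TERM

  do_setup

  if ! echo "$TEST_USER1" > "$CRON_ALLOW"; then
    echo "Could not write $CRON_ALLOW"
    exit 1
  fi

  EXIT_CODE=0
  # $0 is interpolated into the command string handed to the user's shell,
  # so the script path must not contain whitespace or shell metacharacters.
  su "$TEST_USER1" -c "$0" || EXIT_CODE=1
  su "$TEST_USER2" -c "$0" || EXIT_CODE=1

  exit $EXIT_CODE
else
  run_test
fi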