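#!/bin/bash
#
# Copyright (c) International Business Machines Corp., 2003
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
# the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# FILE: /var/spool/cron/deny (/etc/cron.deny when MACHTYPE names redhat)
#
# PURPOSE: Test that users listed in the cron deny file cannot run cron
#          jobs, while users who are not listed still can.
#
# USAGE: Run as root. The script creates two throw-away accounts, lists the
#        second one in the deny file, then re-runs itself ("$0") as each
#        account through su. It must therefore sit at a path both accounts
#        can read and execute.
#
# HISTORY:
#	04/03 Jerone Young (jyoung5 (at] us.ibm.com)
#

echo "This script contains bashism that needs to be fixed!"

iam=$(whoami)

# MACHTYPE looks like cpu-vendor-os; strip the cpu prefix and the last
# dash-separated field to decide which cron layout applies.
tvar=${MACHTYPE%-*}
tvar=${tvar#*-}

if [ "$tvar" = "redhat" ] || [ "$tvar" = "redhat-linux" ]; then
	CRON_DENY="/etc/cron.deny"
	CRON_ALLOW="/etc/cron.allow"
else
	CRON_DENY="/var/spool/cron/deny"
	CRON_ALLOW="/var/spool/cron/allow"
fi

TEST_USER1="cd_user1"
TEST_USER1_HOME="/home/$TEST_USER1"
TEST_USER2="cd_user2"
TEST_USER2_HOME="/home/$TEST_USER2"

# Marker files the scheduled jobs append to. Each test user gets its own file
# so the denied-user check cannot be satisfied or spoiled by the other job.
# NOTE(review): these are fixed names in world-writable /tmp, so any local
# user can create or delete them during the 130 second wait and change the
# verdict; run this only on a dedicated test machine.
ALLOWED_MARKER="/tmp/cron_deny_test"
DENIED_MARKER="/tmp/cron_deny_test1"

# Set once do_setup starts moving the system's cron access files aside, so
# do_cleanup never deletes a deny file that this script did not create.
SETUP_STARTED=0

#-----------------------------------------------------------------------
# FUNCTION:  do_setup
# Moves the existing allow/deny files aside and (re)creates both test
# users. Exits 1 if a user cannot be created.
#-----------------------------------------------------------------------

do_setup() {
	#move any files that may get in the way
	rm -f -- "$ALLOWED_MARKER" "$DENIED_MARKER" > /dev/null 2>&1

	# cron.allow is moved aside as well: when it exists it decides who may
	# use cron and the deny file is not consulted, which would make this
	# test meaningless.
	SETUP_STARTED=1
	mv -- "$CRON_DENY" "$CRON_DENY.old" > /dev/null 2>&1
	mv -- "$CRON_ALLOW" "$CRON_ALLOW.old" > /dev/null 2>&1

	#remove users for clean environment
	su "$TEST_USER1" -c "crontab -r"
	su "$TEST_USER2" -c "crontab -r"
	# ${VAR:?} aborts instead of expanding to an empty path under rm -rf.
	rm -rf -- "${TEST_USER1_HOME:?}"
	rm -rf -- "${TEST_USER2_HOME:?}"
	userdel "$TEST_USER1"
	userdel "$TEST_USER2"
	sleep 1

	#create 1st user
	if ! useradd -m -g users "$TEST_USER1"; then
		echo "Could not add test user $TEST_USER1 to system."
		exit 1
	fi

	#create 2nd user
	if ! useradd -m -g users "$TEST_USER2"; then
		echo "Could not add test user $TEST_USER2 to system."
		exit 1
	fi
}

#-----------------------------------------------------------------------
# FUNCTION:  do_cleanup
# Removes the test users, their crontabs and marker files, and puts the
# original allow/deny files back. Runs from the EXIT trap of the root
# invocation, so it also runs when setup fails or the run is interrupted.
#-----------------------------------------------------------------------
do_cleanup() {
	# Nothing was changed yet; in particular the deny file is still the
	# system's own and must not be removed.
	[ "$SETUP_STARTED" = 1 ] || return 0

	su "$TEST_USER1" -c "crontab -r"
	su "$TEST_USER2" -c "crontab -r"
	rm -rf -- "${TEST_USER1_HOME:?}"
	rm -rf -- "${TEST_USER2_HOME:?}"
	userdel "$TEST_USER1"
	userdel "$TEST_USER2"
	rm -f -- "$CRON_DENY"
	mv -- "$CRON_DENY.old" "$CRON_DENY" > /dev/null 2>&1
	mv -- "$CRON_ALLOW.old" "$CRON_ALLOW" > /dev/null 2>&1
	rm -f -- "$ALLOWED_MARKER" "$DENIED_MARKER" > /dev/null 2>&1
}

#-----------------------------------------------------------------------
# FUNCTION:  install_marker_job
# Installs a crontab for the calling user with one job, due two minutes
# from now, that appends a line to the marker file given as $1.
# Returns the exit status of crontab.
#-----------------------------------------------------------------------
install_marker_job() {
	local marker=$1
	local minute

	# awk does the arithmetic because date prints minutes with a leading
	# zero ("08"), which shell arithmetic would reject as invalid octal.
	minute=$(date '+%M' | awk '{ print ($1 + 2) % 60 }')

	crontab - << EOF
$minute * * * * echo "TEST JOB RAN" >> $marker 2>&1
EOF
}

#-----------------------------------------------------------------------
# FUNCTION:  run_test
# Runs as one of the test users and exits with that user's verdict:
#   TEST_USER1 (not in the deny file): 0 if the job ran, 1 otherwise.
#   TEST_USER2 (in the deny file):     0 if the job did not run, 1 if it did.
# Does nothing when called as any other user.
#-----------------------------------------------------------------------
run_test() {

	if [ "$iam" = "$TEST_USER1" ]; then
		echo "TEST: $CRON_DENY should allow only allow those who are not in the file to
run cron jobs."

		echo "(1) TEST THAT PERSON NOT IN $CRON_DENY IS ABLE TO RUN JOB."

		if ! install_marker_job "$ALLOWED_MARKER"; then
			echo Error while adding crontab for user $TEST_USER1
			exit 1
		fi

		# The job is due at most two minutes from now; 130 seconds covers it.
		echo "sleeping for 130 seconds...."
		sleep 130

		EXIT_CODE=1
		test -e "$ALLOWED_MARKER" && EXIT_CODE=0

		if [ $EXIT_CODE = 1 ]; then
			echo "Cron did not allow user to execute job , TEST FAILED"
		else
			echo "Cron allowed user to execute test job, TEST PASSED"
		fi

		rm -f -- "$ALLOWED_MARKER"

		exit $EXIT_CODE
	fi

	if [ "$iam" = "$TEST_USER2" ]; then
		echo "(2) TEST THAT PERSON IN $CRON_DENY IS NOT ABLE TO RUN JOB."

		# The job must write to the same file that is checked below.
		# Previously it wrote to the other user's marker, so this check
		# passed even when cron ran the denied user's job.
		# crontab refusing a denied user is the expected outcome, so a
		# failure here is reported but does not end the test.
		if ! install_marker_job "$DENIED_MARKER"; then
			echo Error while adding crontab for user $TEST_USER2
		fi

		echo "sleeping for 130 seconds...."
		sleep 130

		EXIT_CODE=0
		test -e "$DENIED_MARKER" && EXIT_CODE=1

		if [ $EXIT_CODE = 0 ]; then
			echo "Cron did not allow user to execute job , TEST PASSED"
		else
			echo "Cron allowed user to execute test job, TEST FAILED"
		fi

		rm -f -- "$DENIED_MARKER"

		exit $EXIT_CODE
	fi

}

#-----------------------------------------------------------------------
# FUNCTION: main
# As root: set up, deny TEST_USER2, run the test as each user, clean up.
# As anyone else: run the per-user part of the test.
#-----------------------------------------------------------------------
if [ "$iam" = "root" ]; then
	# Restore the system's cron access files on every exit path. Without
	# this, an aborted run leaves cron.allow moved aside and a deny file
	# that lists only the test user.
	trap do_cleanup EXIT
	trap 'exit 1' HUP INT TERM

	do_setup

	# Without the deny file the second test would measure nothing.
	if ! echo "$TEST_USER2" > "$CRON_DENY"; then
		echo "Could not write $CRON_DENY"
		exit 1
	fi

	EXIT_CODE=0
	su "$TEST_USER1" -c "$0" || EXIT_CODE=1
	su "$TEST_USER2" -c "$0" || EXIT_CODE=1

	# do_cleanup runs from the EXIT trap.
	exit $EXIT_CODE
else
	run_test
fi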