Since /etc/crontab is not edited via crontab(1) there's no good

reason to require its mode to be be 0400 or to bail if the link
count is != 1.  The reason for such paranoia all has to do with
crontab(1) and editing user crontab files.  We now only require
that /etc/crontab not be writable by anyone other than the owner.
OK deraadt@ ajacoutot@ jmc@

1 files changed, 7 insertions, 10 deletions

diff --git a/usr.sbin/cron/cron.8 b/usr.sbin/cron/cron.8
index cf39eda89f5..2af248d47a4 100644
--- a/usr.sbin/cron/cron.8
+++ b/usr.sbin/cron/cron.8
@@ -17,7 +17,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.\" $OpenBSD: cron.8,v 1.28 2007/02/18 23:59:03 jmc Exp $
+.\" $OpenBSD: cron.8,v 1.29 2007/03/28 16:49:25 millert Exp $
 .\"
 .Dd July 6, 2002
 .Dt CRON 8
@@ -212,14 +212,11 @@ to check for crontab changes immediately
 .Sh AUTHORS
 .An Paul Vixie Aq vixie@isc.org
 .Sh CAVEATS
-All
 .Xr crontab 5
-files must not be readable or writable by any user other than their owner,
-including
-.Pa /etc/crontab .
-In practice this means they should be mode 0600.
-This restriction is enforced automatically by
-.Xr crontab 1
-but if
+files will be ignored if they do not have the proper file mode.
+For user crontab files created by
+.Xr crontab 1 ,
+the mode must be 0400 or 0600.
+If the system crontab file is used,
 .Pa /etc/crontab
-is used, the mode must be set manually on that file.
+must not be writable by any user other than root.