at (3.1.8-11ubuntu3) hoary; urgency=low
* Derooted /usr/bin/at.
* at.c:
- Keep real uid, only switch to daemon gid when unlinking files (the
directory is daemon-group writeable, but the job files are owned by user).
- Instead of creating the job file and then fchown()'ing it (which does
not work when running as non-root), change to the real gid when
creating the file.
* atd.c:
- Don't check that the file gid is equal to the execution gid (since job
files are now always owned by "daemon".
- setgid() to the user's gid, not to the file gid for job execution.
* debian/rules:
- Install /usr/bin/at as daemon:daemon 6555 instead of root:root 4755
(running as user daemon is necessary to be allowed to send a signal to
atd.)
- Install /etc/at.deny as root:daemon 640 instead of root:root 0600.
* debian/postinst:
- Make /var/spool/cron/{atjobs,atspool} writeable for group "daemon".
- Update permissions of /etc/at.{allow,deny} if we upgrade from a previous
version and there is no statoverride for these files.
-- Martin Pitt <email address hidden> Fri, 18 Feb 2005 10:56:28 +0100