On Mar 12, 2012, at 12:03 PM, James B. Byrne wrote:
CentOS-6.2
We moved a cron job from a CentOS-5.7 host to a CentOS-6.2 host. The MAILTO variable is set to support@harte-lyne.ca in both instances. On the CentOS-6 host instead of receiving the mail with the output we see this in /var/log/cron instead:
Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE (support@harte-lyne.ca )
The CentOS-5 host uses Sendmail as the MTA, the CentOS-6 uses Postfix. We can send mail to support@harte-lyne.ca from the command line on both hosts.
The permissions of the files in /var/spool/cron are: # ll /var/spool/cron total 12 -rw-------. 1 root root 34 Mar 9 16:41 root -rw-------. 1 root root 4245 Mar 12 14:53 theheart
Selinux is set to Permissive (for the time being):
# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 24 Policy from config file: targeted
What is causing cron to complain. What is unsafe and how do I rectify this?
---- the surest way I know to make selinux complain is to copy a file created on one computer or an unrelated directory and copy/move it to another as it will fail to get the correct security contexts whereas generally using the tools for the purpose will avoid that. In other words, if you 'su - theheart' and then 'crontab -e' you should get the correct selinux file contexts.
To remedy, I would suspect that you need to do 'restorecon -v /var/spool/cron'
Craig