File: //usr/bin/crontab
#!/usr/bin/bash
##CageFS proxyexec wrapper - ver 17
if [[ $EUID -eq 0 ]]; then
echo 'Cannot be run as root'
exit 1
fi
USR=`/usr/bin/whoami`
CWD=`pwd`
TOKEN=`/bin/cat /var/.cagefs/.cagefs.token`
# It's user's tmp directory and write to it is secure procedure
# because this script is running only under usual user
LOCKFILE=/tmp/.crontab.lock
FD=`ulimit -n`
(( FD -= 1 ))
if [[ -e /var/.cagefs/origin ]]; then
ORIGIN=`/bin/cat /var/.cagefs/origin`
REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN"
else
REMOTE=""
fi
eval "(
/usr/bin/flock -x -w 10 $FD || exit 1
echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_CHECK $$
) $FD> $LOCKFILE"
[ $? -ne 0 ] && exit 1
eval "(
/usr/bin/flock -x -w 10 $FD || exit 1
$REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_LIST $$ 2>/dev/null |cat > /var/spool/cron/$USR
) $FD> $LOCKFILE"
/usr/bin/crontab.cagefs $@
eval "(
/usr/bin/flock -x -w 10 $FD || exit 1
if [ -e /var/spool/cron/$USR ]; then
cat /var/spool/cron/$USR | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null
else
echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null
fi
) $FD>$LOCKFILE"