Cron Logs File Permissions

Are there any security risks in having cron logs readable by all (644)?
We have scheduled some jobs and have issues we want to investigate, but this is the justification provided in rejecting our request:
"Cron log will have only read permission for root, we cannot change the permission to make others to read."
In every *nix environment I have worked in, the cron logs have been readable by all.

Is there any valid reason to justify their practice?

Some might say that it gives output to read that someone could then try to attack, e.g. you can see the jobs that root runs and you can check to see if you have write privilege to them, effectively allowing you to do anything - change passwords, copy SSH keys, delete critical data, copy sensitive data...

The people keeping the restriction might be persuaded to extract the records for the account you are trying to run with. A simple grep would probably do the trick.

They could even schedule it each day with, um, cron I suppose.

Robin

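The per-account extract suggested in the reply above, sketched as an added example that is not part of the thread. It assumes the common `daemon[pid]: (user) CMD (...)` cron log layout; the function names, paths and sample lines are constructed for illustration. It matches the identity field literally at its first position, so a root job whose command text merely mentions the account is not leaked the way a plain grep for the name would leak it.

```shell
#!/bin/sh
# cron_extract USER LOGFILE OUTFILE
# Copy only the records whose cron identity field is "(USER)" into OUTFILE.
# Intended to be run by root (e.g. from root's crontab) against the root-only log.
cron_extract() {
    user=$1; log=$2; out=$3
    # Refuse empty names and anything outside the usual account-name characters.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user: $user" >&2; return 2 ;;
    esac
    # mktemp creates the file mode 0600, so nothing is exposed while writing.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # The identity field follows the first "]: (" (end of the daemon[pid] tag).
    # Compare it as a literal string: no regex, no match inside the command text.
    awk -v u="$user" '
        { p = index($0, "]: (") }
        p && substr($0, p + 4, length(u) + 2) == (u ") ")
    ' "$log" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Group-readable only; the administrator sets the group to the account's group.
    chmod 640 "$tmp"
    mv "$tmp" "$out"
}

# Constructed sample records in the assumed log layout.
sample_log() { cat <<'EOF'
Jan 12 03:00:01 host1 CROND[2101]: (root) CMD (/usr/local/sbin/backup.sh)
Jan 12 03:05:01 host1 CROND[2140]: (appuser) CMD (/opt/app/bin/report.sh)
Jan 12 03:06:01 host1 CROND[2155]: (root) CMD (/usr/local/sbin/notify.sh "(appuser) done")
Jan 12 03:07:12 host1 crontab[2170]: (appuser) LIST (appuser)
EOF
}

# Demo on the constructed log: prints the two appuser records only.
demo_dir=$(mktemp -d) && sample_log > "$demo_dir/cron" &&
    cron_extract appuser "$demo_dir/cron" "$demo_dir/cron.appuser" &&
    cat "$demo_dir/cron.appuser"
```
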

Are you sure you didn't mix the cron jobs (- logs) of the user and root?

As USER:

crontab -l

# And compare with ::

su -c "crontab -l"

I don't have cron installed on this machine, and have not used cron on Arch yet anyhow...
So I don't recall where the user cron logs are saved (or if they are the same, I don't think so).

hth