I'm running an OS X machine (10.3.9 client, if that makes any difference) as a file server for several people in an office. There's a folder we use as a "common" area, where we want one user to be able to create a file and have another modify it. The problem is that by default, OS X sets permissions of such files as writable by owner only. To get around that, I came up with the following for my crontab file:

0 * * * * echo password | sudo chmod -R 777 /ThatFolder/* > /dev/null

so that every hour, it'd fix the permissions on all files/folders within ThatFolder, and silence sudo's password prompt. Worked like a charm. But it wasn't triggering fast enough for users to work smoothly, so I decided to have it trigger every 10 minutes or so, did a little Google research, and came up with:

*/10 * * * * echo password | sudo chmod -R 777 /ThatFolder/* > /dev/null

It seemed to work. But next time I checked the admin's email, there was a flood of cron messages that just said "Password:", every 10 minutes. I tried changing the 10 to a 2, and that shut it up. */3 and */4 also work as expected. But setting it to */5 or higher generates emails again.

I'm completely baffled. Anyone have any ideas?

I'm completely baffled. Anyone have any ideas?

Yes. You should investigate using a changed umask instead of what you are doing wasting cpu cycles constantly running a cron job to change permissions. Search for umask on the main site.

1. To deal with your existing issue, do what yellow said.

2. To answer why your cron job is failing, you are not using the -S option to read the password from stdin. But this is really the wrong mechanism for cron. It also places your root password in clear text in a fairly easy to exploit location. If you want it run as root, put it in root's crontab. Want it run as Bob, put it in Bob's crontab.

If this is not practical, make a stand-alone script, chown it to the appropriate user and your group, set the suid flag and write by group flags (chmod 4764 filename). Call that program from anyone's cron or prompt and it will run as another user with no password needed.

The reason it worked with short time intervals is that sudo timestamps it's requests, and doesn't bother you for a repeat password if you run it again in a short time period. you can change the timer in one of sudo's config files. See the man page for details.

This is a great article dealing with what your having trouble with. I'm not sure it'll solve your current problem, and the first reply is the best answer I can think of this early in the morning off the top of my head. But the article is good backround and will give you a better understanding of what actually should be modified.

http://www.codebase.ca/art/index.cgi/OS%20X/OSX_Workflow_Perms.html

Ah, hey, that's even better. I actually had heard of umask, but some things I'd read made it sound like it only affected that user, and that each client would have to do that separately. But I guess not, testing it now. Thank you!

--

And thanks a bunch for the additional hints, folks! Sudo timing out never even occurred to me, and the Codebase link's a much better resource than what I was able to find myself. The dangers of learning administration via Google.

What Yellow said above.

But.....just for the sake of argument, if you admin the machine, you could have just set a root cron job to change those permissions instead of mucking around with the whole passwd & sudo shenanigans. Umask is of course the right way to do it...but running a cron as root is just a thought you might want to keep handy to make it easier on yourself the next time you've got to set up a cron job to run something as a privileged user. ;-)