|
Softpanorama
(slightly skeptical)
Open Source Software Educational Society |
May the
source be with you,
but remember the KISS principle ;-)
|
Unix Cron
Cron is a task scheduler for unix servers. Most systems now use SysV cron
which permits each user can have their own scheduler table called crontab file
(all crontab files are stored in a read-protected directory). A emails
messages with output send to the user each time a command is executed; also, the
files "allow" and "deny" in /var/cron can be used to control access to the "crontab"
command (which serves for listing and editing of crontabs; direct access to them
is discouraged).
One line of cron table specifies one cron job. A cron job is a specific task
that runs a certain number of times per minute, day, week, or month on your
server. For example, you can use a cron job to automate a daily MySQL database
backup. The main problem with cron jobs is that if they aren't properly
configured they can cause high server loads which may result in suspension of
your site with your web host. If you are able, configure your cron job so that
the results of running the scheduled script are emailed to you.
There are two main ways by which you create a cron job on hosting Web
server. Using your administration panel ( most *nix webhosting control
panels offer some sort of interface to Cron) or using shell
access to your server. Panel is the easiest way; shell access requires
knowledge of UNIX editing commands.
Crontab has the structure shown in the table:
|
Field
|
Meaning
|
Allowed range
|
Example
|
|
1
|
Minutes that have to pass after the
selected hour in order to execute the task
|
0-59
|
30,
which means 30 minutes after the selected hour
|
|
2
|
Hours at which the task has to be executed
|
0-23
|
04,
which means at 4 O'clock in the morning
|
|
3
|
Days of the month on which this task has to
be executed
|
1-31
|
*, which
means that every day of the selected month
|
|
4
|
Months during which the task has to be
executed
|
1-12
|
3-5,
which means run the task in the months of March, April & May
First 3 letters of the Month name. Case doesn't matter. E.g. Jan
|
|
5
|
Days of the week on which this task has to
be run
|
0-7
|
* means
all days of the selected weeks Numeric value or first 3
letters of the Day name. Case doesn't matter (Sun or sun)
(0 or 7 is Sun, 1 is Mon...)
|
|
6
|
Name of the program (task) to be executed
|
Any program
|
|
Notes:
- Those pages are written by people for whom English is not a
native language. Some amount of grammar and spelling errors
should be expected.
- This is a Spartan WHYFF (We Help You For Free) site. It
cannot replace the best teachers and
the
best books.
- The site contain some obsolete pages as it develops like a
living tree... Some links on older pages
are broken. Please
try to use Google, Open directory, etc. to find a replacement link
(see
HOWTO search the WEB for details).
We would appreciate if you can
mail us a correct link.
|
|
Linux tip Controlling the duration of scheduled jobs
A very god article with a lot of examples
[ian@attic4 ~]$ cat ./runclock3.sh
#!/bin/bash
runtime=${1:-10m}
mypid=$$
# Run xclock in background
xclock&
clockpid=$!
echo "My PID=$mypid. Clock's PID=$clockpid"
ps -f $clockpid
#Sleep for the specified time.
sleep $runtime
kill -s SIGTERM $clockpid
echo "All done"
Listing 5 shows what happens when you execute runclock3.sh.
The final kill command confirms that the xclock
process (PID 9285) was, indeed, terminated.
Listing 5. Verifying the termination of
child processes
[ian@attic4 ~]$ ./runclock3.sh 5s
My PID=9284. Clock's PID=9285
UID PID PPID C STIME TTY STAT TIME CMD
ian 9285 9284 0 22:14 pts/1 S+ 0:00 xclock
All done
[ian@attic4 ~]$ kill -0 9285
bash: kill: (9285) - No such process
|
If you omit the signal specification, then SIGTERM is the
default signal. The SIG part of a signal name is
optional. Instead of using -s and a signal name,
you can just prefix the signal number with a -, so
the four forms shown in Listing 6 are equivalent ways of killing
process 9285. Note that the special value -0, as
used in Listing 4 above, tests whether a signal could be sent to
a process.
Listing 6. Ways to specify signals with the
kill command
kill -s SIGTERM 9285
kill -s TERM 9285
kill -15 9285
kill 9285
|
If you need just a one-shot timer to drive an application, such as you
have just seen here, you might consider the timeout
command, which is part of the AppleTalk networking package
(Netatalk). You may need to install this package (see
Resources below for details), since
most installations do not include it automatically.
Other termination conditions
You now have the basic tools to run a process for a fixed
amount of time. Before going deeper into signal handling, let's
consider how to handle other termination requirements, such as
repetitively capturing information for a finite time,
terminating when a file becomes a certain size, or terminating
when a file contains a particular string. This kind of work is
best done using a loop, such as for, while,
or until, with the loop executed repeatedly with
some built-in delay provided by the sleep command.
If you need finer granularity than seconds, you can also use the
usleep command.
You can add a second hand to the clock, and you can customize
colors. Use the showrgb command to explore
available color names. Suppose you use the command
xclock -bg Thistle -update 1& to start a clock with a
second hand, and a Thistle-colored background.
Now you can use a loop with what you have learned already to
capture images of the clock face every second and then combine
the images to make an animated GIF image. Listing 7 shows how to
use the xwininfo command to find the window id for
the xclock command. Then use ImageMagick
command-line tools to capture 60 clock face images at one-second
intervals (see Resources for details on
ImageMagick). And finally combine these into an infinitely
looping animated GIF file that is 50% of the dimensions of the
original clock.
Listing 7. Capturing images one second apart
[ian@attic4 ~]$ cat getclock.sh
#!/bin/bash
windowid=$(xwininfo -name "xclock"| grep '"xclock"' | awk '{ print $4 }')
sleep 5
for n in `seq 10 69`; do
import -frame -window $windowid clock$n.gif&
sleep 1s
# usleep 998000
done
convert -resize 50% -loop 0 -delay 100 clock?[0-9].gif clocktick.gif
[ian@attic4 ~]$ ./getclock.sh
[ian@attic4 ~]$ file clocktick.gif
clocktick.gif: GIF image data, version 89a, 87 x 96
|
Timing of this type is always subject to some variation, so the
import command to grab the clock image is run in the
background, leaving the main shell free to keep time.
Nevertheless, some drift is likely to occur because it does take
a finite amount of time to launch each subshell for the
background processing. This example also builds in a 5-second
delay at the start to allow the shell script to be started and
then give you time to click on the clock to bring it to the
foreground. Even with these caveats, some of my runs resulted in
one missed tick and an extra copy of the starting tick because
the script took slightly over 60 seconds to run. One way around
this problem would be to use the usleep command
with a number of microseconds that is enough less than one
second to account for the overhead, as shown by the commented
line in the script. If all goes as planned, your output image
should be something like that in Figure 2.
Figure 2. A ticking xclock
This example shows you how to take a fixed number of snapshots of some
system condition at regular intervals. Using the techniques
here, you can take snapshots of other conditions. You might want
to check the size of an output file to ensure it does not pass
some limit, or check whether a file contains a certain message,
or check system status using a command such as vmstat.
Your needs and your imagination are the only limits.
Signals and traps
If you run the getclock.sh script of Listing 7
yourself, and you close the clock window while the script is
running, the script will continue to run but will print error
messages each time it attempts to take a snapshot of the clock
window. Similarly, if you run the runclock3.sh
script of Listing 4, and press Ctrl-c in the terminal
window where the script is running, the script will immediately
terminate without shutting down the clock. To solve these
problems, your script needs to be able to catch or trap
some of the signals discussed in
Terminating a child process.
If you execute runclock3.sh in the background
and run the ps -f command while it is running, you
will see output similar to Listing 8.
Listing 8. Process information for
runclock3.sh
[ian@attic4 ~]$ ./runclock3.sh 20s&
[1] 10101
[ian@attic4 ~]$ My PID=10101. Clock's PID=10102
UID PID PPID C STIME TTY STAT TIME CMD
ian 10102 10101 0 06:37 pts/1 S 0:00 xclock
ps -f
UID PID PPID C STIME TTY TIME CMD
ian 4598 12455 0 Jul29 pts/1 00:00:00 bash
ian 10101 4598 0 06:37 pts/1 00:00:00 /bin/bash ./runclock3.sh 20s
ian 10102 10101 0 06:37 pts/1 00:00:00 xclock
ian 10104 10101 0 06:37 pts/1 00:00:00 sleep 20s
ian 10105 4598 0 06:37 pts/1 00:00:00 ps -f
[ian@attic4 ~]$ All done
[1]+ Done ./runclock3.sh 20s
|
Note that the ps -f output has three entries related to
the runclock3.sh process (PID 10101). In particular, the
sleep command is running as a separate process. One way
to handle premature death of the xclock process or the use of
Ctrl-c to terminate the running script is to catch these
signals and then use the kill command to kill the
sleep command.
There are many ways to accomplish the task of determining the
process for the sleep command. Listing 9 shows the latest
version of our script, runclock4.sh. Note the
following points:
- The
sleep command is explicitly run in the
background.
- The
wait command is used to wait for
termination of the sleep command.
- The first
trap command causes the
stopsleep function to be run whenever a SIGCHLD,
SIGINT, or SIGTERM signal is received. The PID of the
sleeper process is passed as a parameter.
- The
stopsleep function is run as the result
of a signal. It prints a status message and sends the
sleep command a SIGINT signal.
- When the
sleep command terminates, for
whatever reason, the wait command is satisfied.
Traps are then cleared, and the xclock command
is terminated.
Listing 9. Trapping signals with
runclock4.sh
[ian@attic4 ~]$ cat runclock4.sh
#!/bin/bash
stopsleep() {
sleeppid=$1
echo "$(date +'%T') Awaken $sleeppid!"
kill -s SIGINT $sleeppid >/dev/null 2>&1
}
runtime=${1:-10m}
mypid=$$
# Enable immediate notification of SIGCHLD
set -bm
# Run xclock in background
xclock&
clockpid=$!
#Sleep for the specified time.
sleep $runtime&
sleeppid=$!
echo "$(date +'%T') My PID=$mypid. Clock's PID=$clockpid sleep PID=$sleeppid"
# Set a trap
trap 'stopsleep $sleeppid' CHLD INT TERM
# Wait for sleeper to awaken
wait $sleeppid
# Disable traps
trap SIGCHLD
trap SIGINT
trap SIGTERM
# Clean up child (if still running)
echo "$(date +'%T') terminating"
kill -s SIGTERM $clockpid >/dev/null 2>&1 && echo "$(date +'%T') Stopping $clockpid"
echo "$(date +'%T') All done"
|
Listing 10 shows the output from running runclock4.sh
three times. The first time, everything runs to its natural
completion. The second time, the xclock is
prematurely closed. And the third time, the shell script is
interrupted with Ctrl-c.
Listing 10. Stopping runclock4.sh in
different ways
[ian@attic4 ~]$ ./runclock4.sh 20s
09:09:39 My PID=11637. Clock's PID=11638 sleep PID=11639
09:09:59 Awaken 11639!
09:09:59 terminating
09:09:59 Stopping 11638
09:09:59 All done
[ian@attic4 ~]$ ./runclock4.sh 20s
09:10:08 My PID=11648. Clock's PID=11649 sleep PID=11650
09:10:12 Awaken 11650!
09:10:12 Awaken 11650!
[2]+ Interrupt sleep $runtime
09:10:12 terminating
09:10:12 All done
[ian@attic4 ~]$ ./runclock4.sh 20s
09:10:19 My PID=11659. Clock's PID=11660 sleep PID=11661
09:10:22 Awaken 11661!
09:10:22 Awaken 11661!
09:10:22 Awaken 11661!
[2]+ Interrupt sleep $runtime
09:10:22 terminating
09:10:22 Stopping 11660
./runclock4.sh: line 31: 11660 Terminated xclock
09:10:22 All done
|
Note how many times the stopsleep function is called as
evidenced by the "Awaken" messages. If you are not sure why, you
might try making a separate copy of this function for each
interrupt type that you catch and see what causes the extra
calls.
You will also note that some job control messages tell you
about termination of the xclock command and
interrupting the sleep command. When you run a job
in the background with default bash terminal settings, bash
normally catches SIGCHLD signals and prints a message after
the next terminal output line is printed. The set -bm
command in the script tells bash to report SIGCHLD signals
immediately and to enable job control monitoring, The alarm
clock example in the next section shows you how to suppress
these messages.
An alarm clock
Our final exercise returns to the original problem that
motivated this article: how to record a radio program. We will
actually build an alarm clock. If your laws allow recording of
such material for your proposed use, you can build a recorder
instead by adding a program such as vsound.
For this exercise, we will use the GNOME rhythmbox
application to illustrate some additional points. Even if you
use another media player, this discussion should still be
useful.
An alarm clock could make any kind of noise you want,
including playing your own CDs, or MP3 files. In central North
Carolina, we have a
radio station,
WCPE, that broadcasts classical music 24 hours a day. In
addition to broadcasting, WCPE also streams over the Internet in
several formats, including Ogg Vorbis. Pick your own streaming
source if you prefer something else.
To start rhythmbox from an X Windows terminal session playing
the WCPE Ogg Vorbis stream, you use the command shown in Listing
11.
Listing 11. Starting rhythmbox with the WCPE
Ogg Vorbis stream
rhythmbox --play http://audio-ogg.ibiblio.org:8000/wcpe.ogg
|
The first interesting point about rhythmbox is that the
running program can respond to commands, including a command to
terminate. So you don't need to use the kill
command to terminate it, although you still could if you wanted
to.
The second point is that most media players, like the clock
that we have used in the earlier examples, need a graphical
display. Normally, you run commands with the cron
and at facilities at some point when you may not be
around, so the usual assumption is that these scheduled jobs
do not have access to a display. The rhythmbox
command allows you to specify a display to use. You probably
need to be logged on, even if your screen is locked, but you can
explore those variations for yourself. Listing 12 shows the
alarmclock.sh script that you can use for the basis
of your alarm clock. It takes a single parameter, which
specifies the amount of time to run for, with a default of one
hour.
Listing 12. The alarm clock - alarmclock.sh
[ian@attic4 ~]$ cat alarmclock.sh
#!/bin/bash
cleanup () {
mypid=$1
echo "$(date +'%T') Finding child pids"
ps -eo ppid=,pid=,cmd= --no-heading | grep "^ *$mypid"
ps $playerpid >/dev/null 2>&1 && {
echo "$(date +'%T') Killing rhythmbox";
rhythmbox --display :0.0 -quit;
echo "$(date +'%T') Killing rhythmbox done";
}
}
stopsleep() {
sleeppid=$1
echo "$(date +'%T') stopping $sleeppid"
set +bm
kill $sleeppid >/dev/null 2>&1
}
runtime=${1:-1h}
mypid=$$
set -bm
rhythmbox --display :0.0 --play http://audio-ogg.ibiblio.org:8000/wcpe.ogg&
playerpid=$!
sleep $runtime& >/dev/null 2>&1
sleeppid=$!
echo "$(date +'%T') mypid=$mypid player pid=$playerpid sleeppid=$sleeppid"
trap 'stopsleep $sleeppid' CHLD INT TERM
wait $sleeppid
echo "$(date +'%T') terminating"
trap SIGCHLD
trap SIGINT
trap SIGTERM
cleanup $mypid final
wait
|
Note the use of set +bm in the stopsleep
function to reset the job control settings and suppress the
messages that you saw earlier with runclock4.sh
Listing 13 shows an example crontab that will
run the alarm from 6 a.m. to 7 a.m. each weekday (Monday to
Friday) and from 7 a.m. for two hours each Saturday and from
8:30 a.m. for an hour and a half each Sunday.
Listing 13. Sample crontab to run your alarm
clock
0 6 * * 1-6 /home/ian/alarmclock.sh 1h
0 7 * * 7 /home/ian/alarmclock.sh 2h
30 8 * * 0 /home/ian/alarmclock.sh 90m
|
Refer to our previous tip
Job scheduling with cron and at to learn how to set your own
crontab for your new alarm clock.
In more complex tasks, you may have several child processes.
The cleanup routine shows how to use the ps command
to find the children of your script process. You can extend the
idea to loop through an arbitrary set of children and terminate
each one.
Learn more
If you'd like to know more about administrative tasks in
Linux, read the tutorial "LPI
exam 102 prep: Administrative tasks,", or see the other
Resources below. Don't forget to
rate this page and let us know what other
tips you'd like to see.
Resources
Learn
Date: Sat, 14 Sep 1996 19:50:55 -0400 (EDT)
From: Bill Duncan <bduncan@beachnet.org>
Subject: find tip...
Hi Jim Murphy,
Saw your "find" tip in issue #9, and thought you might like a quicker method.
I don't know about other distributions, but Slackware and Redhat come with
the GNU versions of locate(1) and updatedb(1) which use an index to find the
files you want. The updatedb(1) program should be run once a night from the
crontab facility. To ignore certain sub-directories (like your /cdrom) use
the following syntax for the crontab file:
41 5 * * * updatedb --prunepaths="/tmp /var /proc /cdrom" > /dev/null 2>&1
This would run every morning at 5:41am, and update the database with
filenames from everywhere but the subdirectories (and those below) the ones
listed.
#3959 crontab administration usage and troubleshooting techniques
Common Problems/Questions and
Solutions/Answers:
Q: I edited the crontab file but the
commands still don't get executed.
A: Be sure user is not editing the crontab
file directly with a simple text editor such as vi. Use crontab -e
which will invoke
the vi editor and then signal cron that changes have been made. Cron will
only read the crontab file when the daemon
is started, so if crontab has been edited directly, cron will need to be
killed, /etc/cron.d/FIFO removed, and the cron daemon
restarted in order to recover the situation.
'''Q: I deleted all my crontab entries using
crontab -e but crontab -l shows that they are still there.'''
A: Use crontab -r to remove an entire
crontab file. Crontab -e does not know what to do with empty files,
so it does not update any changes.
Q: Can I use my **** editor ?
A: Yes, by setting the environment variable
EDITOR to ****.
Q: Why do I receive email when my
cron job dies?
A: Because there is no standard output for it to write to. To avoid this,
redirect the output of the command to a
device (/dev/console, /dev/null) or a file.
Q: If I have a job that is running
and my system goes down, will that job complete once the system is brought
back up?
A: No, the job will not run again or pick up
where it left off.
Q: If a job is scheduled to run at a
time when the system is down, will that job run once the system is brought
back up?
A: No, the job will not be executed once the
system comes back up.
Q: How can I check if my cron is
running correctly ?
A: Add the entry * * * * * date >
/dev/console to your crontab file. It should print the date in the
console every minute.
Q: How can I regulate who can use the
cron.
A: The file /var/spool/cron/cron.allow can be used to regulate who can
submit cron jobs.
If /var/spool/cron/cron.allow does not
exist, then crontab checks /var/spool/cron/cron.deny to see who should
not be
allowed to submit jobs.
If both files are missing only root can run
cron jobs.
TROUBLESHOOTING CRON
If a user is experiencing a problem with cron,
ask the user the following few questions to help debug the problem.
1. Is the cron daemon running?
#ps -ef |grep cron
2. Is there any cron.allow/deny file?
#ls -lt /etc/cron*
3. Is it the root crontab or a non-su crontab?
#crontab -e "USER NAME"
4. If you are calling a script through crontab,
does the script run from the command line?
Run the script at the command line and look for errors
5. Check that the first 5 fields of an entry
are VALID or NOT commented out.
(minute, hours, day of the month, month and weekday)
6. Check for crontab related
patches.
(check with sunsolve and the solaris version installed on the system
for exact patch match)
7. Check for recommended and security related
patches?
(recommend to the customer to install all recommended and security patches
relevant to the OS installed)
8. How did you edit crontab?
#crontab -e "user name"
9. How did you stop/kill the cron daemon?
#/etc/init.d/cron stop and start
crontab_header
Many times admins forget the field order of the crontab file
and alway reference the man pages over-and-over.
Make your life easy. Just put the field definitions in your crontab file
and comment (#) the lines out so the crontab file ignores it.
# minute (0-59),
# | hour (0-23),
# | | day of the month (1-31),
# | | | month of the year (1-12),
# | | | | day of the week (0-6 with 0=Sunday).
# | | | | | commands
3 2 * * 0,6 /some/command/to/run
3 2 * * 1-5 /another/command/to/run
crontab
Users are permitted to use crontab if their names
appear in the file /usr/lib/cron/cron.allow. If that file does not
exist, the file /usr/lib/cron/cron.deny is checked to determine if the
user should be denied access to crontab. If neither file exists, only
a process with appropriate privileges is allowed to submit a job. If only
cron.deny exists and is empty, global usage is permitted. The
cron.allow and cron.deny files consist of one user name per line.
Sun_Solaris_AuditGuide
if
both cron.allow and cron.deny files exist the cron.deny is ignored.
This can be accomplished by
either listing users permitted to use the command in the file /var/spool/cron/cron.allow
and the /var/spool/cron/at.allow or in the list of user not permitted
to access the command in the file /var/spool/cron/cron.deny.
ONLamp.com Getting Cron to Do Our Bidding by
Dru Lavigne 09/27/2000
Introduction
to UNIX cron and at Utilities by by John Raithel This article first appeared
in Linux Journal
Newbie
Intro to cron
wincron user's Guide
WinCron for Windows
cron.pm Cron - cron-like scheduler for Perl subroutines
How
to Use the Cron and Crontab commands
UNIX Shell Script
Tutorials & Reference
Howtos Remote backup using
ssh, tar and cron
Simple
shared logging
LJ Take
Command cron: Job Scheduler by Michael S. Keller
Have you ever wandered near your Linux box in
the middle of the night, only to discover the hard disk working furiously? If
you have, or just want a way for some task to occur at regular intervals,
cron is the answer.
Debian
GNU-Linux -- cron
Debian
GNU-Linux -- anacron a cron-like program
that does not assume that the system is running continuously.
Anacron (like `anac(h)ronistic')
is a periodic command scheduler. It executes commands at intervals specified
in days. Unlike cron, it does not assume that the system is running
continuously. It can therefore be used to control the execution of
daily, weekly and monthly jobs (or anything with a period of n days), on
systems that don't run 24 hours a day. When installed and configured
properly, Anacron will make sure that the commands are run at the specified
intervals as closely as machine-uptime permits.
This package is pre-configured to execute the daily jobs of
the Debian system. You should install this program if your system isn't
powered on 24 hours a day to make sure the maintenance jobs of other Debian
packages are executed each day.
CSSA-1999-023.0.txt
crontab command creates, lists or edits the file containing control
statements to be interpreted by the cron command (cron table). Each
statement consists of a time pattern and a command. The cron program
reads your crontab file and executes the commands at the time specified in the
time patterns. The commands are usually executed by a Bourne shell (sh).
The crontab command reads a file or the standard input to a directory
that contains all users' crontab files. You can use crontab to remove
your crontab file or display it. You cannot access other users' crontab files in
the crontab directory.
COMMAND FORMAT
Following is the general format of the crontab command.
crontab [ file ]
crontab -e [ username ]
crontab -l [ username ]
crontab -r [ username ]
Options
The following options may be used to control how crontab functions.
| -e | Edit your crontab file using the editor defined by the
EDITOR variable. |
| -r | Removes your current crontab file. If username is specified then
remove that user's crontab file. Only root can remove other users' crontab
files. |
| -l | List the contents of your current crontab file. |
Crontab File Format
The crontab file contains lines that consist of six fields separated by
blanks (tabs or spaces). The first five fields are integers that specify the
time the command is to be executed by cron. The following table defines the
ranges and meanings of the first five fields.
|
| Field | Range | Meaning |
|
| 1 | 0-59 | Minutes |
| 2 | 0-23 | Hours (Midnight is 0, 11 P.M. is 23) |
| 3 | 1-31 | Day of Month |
| 4 | 1-12 | Month of the Year |
| 5 | 0-6 | Day of the Week (Sunday is 0, Saturday is 6) |
|
Each field can contain an integer, a range, a list, or an asterisk (*). The
integers specify exact times. The ranges specify a range of times. A list
consists of integers and ranges. The asterisk (*) indicates all legal values
(all possible times).
The following examples illustrate the format of typical crontab time
patterns.
|
| Time Pattern | Description |
|
| 0 0 * * 5 | Run the command only on Thursday at midnight. |
| 0 6 1,15 * 1 | Run the command at 6 a.m. on the first and fifteenth of each month and
every Monday. |
| 00,30 7-20 * * * | Run the command every 30 minutes from 7 a.m. to 8 p.m. every day. |
|
NOTE:
The day of the week and day of the month fields are interpreted separately if
both are defined. To specify days to run by only one field, the other field
must be set to an asterisk (*). In this case the asterisk means that no times
are specified.
The sixth field contains the command that is executed by cron at the
specified times. The command string is terminated by a new-line or a percent
sign (%). Any text following the percent sign is sent to the command as standard
input. The percent sign can be escaped by preceding it with a backslash (\%).
A line beginning with a # sign is a comment.
Each command in a crontab file is executed via the shell. The shell is
invoked from your HOME directory (defined by $HOME variable). If you wish to
have your (dot) .profile executed, you must specify so in the crontab file. For
example,
0 0 * * 1 . ./.profile ; databaseclnup
would cause the shell started by cron to execute your .profile, then
execute the program databaseclnup. If you do not have your own .profile
executed to set up your environment, cron supplies a default environment.
Your HOME, LOGNAME, SHELL, and PATH variables are set. The HOME and LOGNAME are
set appropriately for your login. SHELL is set to /bin/sh and PATH is set to
:/bin:/usr/bin:/usr/lbin.
NOTE:
Remember not to have any read commands in your .profile which prompt
for input. This causes problems when the cron job executes.
Command Output
If you do not redirect the standard output and standard error of a command
executed from your crontab file, the output is mailed to you.
Access
To use the crontab command you must have access permission. Your
system administrator can make the crontab command available to all users,
specific users, or no users. Two files are used to control who can and cannot
access the command. The cron.allow file contains a list of all users who are
allowed to use crontab. The cron.deny file contains a list of all users
who are denied access to crontab. If the cron.allow file exists but is
empty, then all users can use the crontab command. If neither file
exists, then no users other than the super-user can use crontab.
Displaying your crontab
If you have a crontab file in the system crontab area, you can list it by
typing crontab -l. If you do not have a crontab file, crontab
returns the following message:
crontab: can't open your crontab file.
DIAGNOSTICS AND BUGS
The crontab command will complain about various syntax errors and time
patterns not being in the valid range.
CAUTION:
If you type crontab and press Return without a filename, the
standard input is read as the new crontab entries. Therefore, if you
inadvertently enter crontab this way and you want to exit without destroying
the contents of your current crontab file, press the Del key. Do not press
the Ctrl-D key; if you do, your crontab file will only contain what you have
currently typed.
Related Commands
| /usr/sbin/cron.d | The main directory for the cron process. |
| /usr/sbin/cron.d/log | Accounting information for cron processing. |
| /usr/sbin/cron.d/crontab.allow | A file containing a list of users allowed to use crontab. |
| /usr/sbin/cron.d/crontab.deny | A file containing a list of users not allowed to use crontab. |
| /usr/spool/cron/crontabs | Location of crontab text to be executed. |
Crontab supports two files:
/etc/cron.allow
/etc/cron.deny
If cron.allow exists then you MUST be listed in it to use crontab (so make
sure all the system accounts like root are listed), this is very effective for
limiting cron to a small number of users. If cron allow does not exists, then
cron.deny is checked and if it exists then you will not be allowed to use
crontab unless you are listed ("locked out")
In both cases users are listed one per line, so you can use something like:
cat /etc/passwd | cut -d":" -f 1 | fgrep -v `cat cron.deny` > /etc/cron.allow
To populate it and then delete all system accounts and unnnessary user
accounts.
allow
users crontab access
I assume you are on a Linux system. Then, you
have a small syntax error in viewing other users crontabs, try "crontab -l -u
username" instead.
Here is how it works: Two config files, /etc/cron.deny
and /etc/cron.allow (on SuSE systems these files are /var/spool/cron.deny and
.../allow), specify who can use crontab.
If the allow file exists, then it contains a list of all users that may
submit crontabs, one per line. No unlisted user can invoke the crontab
command. If the allow file does not exist, then the deny file is
checked.
If neither the allow file nor the deny file exists, only root can submit
crontabs.
This seems to be your case, so you should create one of these files ... on my
system I have a deny file just containing user "guest", so all others are
allowed.
One caveat: this access control is implemented
by crontab, not by cron. If a user manages to put a crontab file into the
appropriate directory by other means, cron will blindly execute ...
[from the book "Linux Administration Handbook"
by Nemeth/Snyder/Hein and validated locally here]
docs.sun.com
System Administration Guide Advanced Administration Controlling Access to
the crontab.
You can control access to the
crontab command by
using two files in the /etc/cron.d
directory: cron.deny
and cron.allow.
These files permit only specified users to perform the
crontab command tasks such
as creating, editing, displaying, or removing their own
crontab files.
The
cron.deny and
cron.allow files consist of a list of user
names, one per line. These access control files work together as follows:
- If
cron.allow exists, only the users listed
in this file can create, edit, display, or remove
crontab files.
- If
cron.allow does not exist, all users can
submit crontab
files, except for users listed in cron.deny.
- If neither
cron.allow nor
cron.deny exists,
superuser privileges are required to run the
crontab command.
Superuser privileges are required to
edit or create the cron.deny
and cron.allow
files.
The
cron.deny file, created during SunOS software
installation, contains the following user names:
daemon
bin
smtp
nuucp
listen
nobody
noaccess
None of the user names in the default
cron.deny file
can access the crontab
command. You can edit this file to add other user names that will be denied
access to the crontab
command.
No default
cron.allow file is
supplied. So, after Solaris software installation, all users (except the ones
listed in the default cron.deny
file) can access the crontab
command. If you create a cron.allow
file, only these users can access the crontab
command.
To verify if a specific user can access
crontab, use
the crontab -l
command while you are logged into the user account. $
crontab -l
If the user can access
crontab, and already has
created a crontab
file, the file is displayed. Otherwise, if the user can access
crontab but no
crontab file exists,
a message such as the following is displayed: crontab: can't open your
crontab file
This user either is listed in
cron.allow (if the
file exists), or the user is not listed in
cron.deny.
If the user cannot access the
crontab command, the
following message is displayed whether or not a previous
crontab file exists:
crontab: you are not authorized to use cron. Sorry.
This message means that either the user
is not listed in cron.allow
(if the file exists), or the user is listed in
cron.deny.
Determining if you have crontab access is
relatively easy. A Unix system administrator has two possible files to help
manage the use of crontab. The administrator can explicitly give permission
to specific users by entering their user identification in the file:
/etc/cron.d/cron.allow
Alternatively, the administrator can let
anyone use crontab and exclude specific user with the file:
/etc/cron.d/cron.deny
To determine how your system is configured,
first enter the following at the command line:
more /etc/cron.d/cron.allow
If you get the message, "/etc/cron.d/cron.allow:
No such file or directory" you're probably in fat city. One last step, make
sure you are not specifically excluded. Go back to the command line and
enter:
more /etc/cron.d/cron.deny
If the file exists and you're not included
therein, skip to setup instruction. If there are entries
in the cron.allow file, and you're not among the chosen few, or if you are
listed in the cron.deny file, you will have to contact the administrator and
tell him/her you are an upstanding citizen and would like to be able to
schedule crontab jobs.
In summary, users are permitted to use crontab
if their names appear in the file /etc/cron.d/cron.allow. If that file does
not exist, the file /etc/cron.d/cron.deny is checked to determine if the user
should be denied access to crontab. If neither file exists, only the system
administrator -- or someone with root access -- is allowed to submit a job.
If cron.allow does not exist and cron.deny exists but is empty, global usage
is permitted. The allow/deny files consist of one user name per line.
Copyright © 1996-2007 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
Submit
comments This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Original materials copyright belong to respective owners. Quotes are made
for educational purposes only in compliance with the fair use doctrine.
Standard disclaimer: The statements, views and opinions presented on
this web page are those of the author and are not endorsed by, nor do they necessarily
reflect, the opinions of the author present and former employers, SDNP or any other
organization the author may be associated with. We do not warrant the correctness
of the information provided or its fitness for any purpose.
Last modified:
March 15, 2008
