The cron system is essentially a smart alarm clock. When the alarm sounds, Linux runs the commands of your choice automatically. You can set the alarm clock to run at all sorts of regular time intervals. Alternatively, the at system allows you to run the command of your choice, once, at a specified time in the future.
RHEL installs the cron daemon (crond) by default. It's configured to check the /var/spool/cron directory for jobs by user. It also checks for scheduled jobs for the computer under /etc/crontab and in the /etc/cron.d directory.
Because cron always checks for changes, you do not have to restart cron every time you make a change.
The behavior of the Linux cron is different from Unix, where the cron daemon wakes up only when it needs to launch a program.
The crontab file is set up in a specific format. Each line can be blank, a comment (which begins with #), a variable, or a command. Naturally, blank lines and comments are ignored.
When you run a regular command, the actions of the shell are based on environmental variables. To see the environmental variables, run the env command. Some of the standard variables in RHEL include HOME as your home directory, SHELL as the default shell, and LOGNAME as the username.
You can set different variables within the crontab file, or you can set environmental variables with the following syntax:
Some variables are already set for you. For example, MAIL for me is /var/spool/mail/michael, LANG is en_US.UTF-8, and PATH is where the shell looks for commands. You can set these variables to different values in your crontab file. For example, the default /etc/crontab file includes the following variables:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
Note that the values of PATH, MAILTO, and HOME are different from those for the standard environment variables.
On the Job
The MAILTO variable can help you administer several Linux systems. The cron daemon sends output by e-mail. Just add a line such as MAILTO=firstname.lastname@example.org to route all cron messages associated with that file to that e-mail address.
Note how the PATH variable in a crontab may be different from the PATH variable associated with your shell. In fact, the two variables are independent. Therefore, you'll want to know the exact path of every command in your crontab. Specify the absolute path with the command if it isn't in the crontab PATH.
Here is the format of a line in crontab. Each of these columns is explained in more detail in Table 7-9.
#minute, hour, day of month, month, day of week, command
* * * * * command
hour: Based on a 24-hour clock; for example, 23 = 11 P.M.
day of month
month: 1–12, or jan, feb, mar, etc.
day of week: 0–7; where 0 and 7 are both Sunday; or sun, mon, tue, etc.
command: The command you want to run
If you see an asterisk in any column, cron runs that command for all possible values of that column. For example, an * in the minute field means that the command is run every minute during the specified hour(s). Consider another example, as shown here:
1 5 3 4 * ls
This line runs the ls command every April 3 at 5:01 A.M. The asterisk in the day of week column simply means that it does not matter what day of the week it is; crontab still runs the ls command at the specified time.
The crontab file is flexible. For example, a 7–10 entry in the hour field would run the specified command at 7:00 A.M., 8:00 A.M., 9:00 A.M., and 10:00 A.M. A list of entries in the minute field such as: 0,5,10,15,20,25,30,35,40,45,50,55 would run the specified command every five minutes. The cron daemon also recognizes abbreviations for months and the day of the week.
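The field rules above (asterisks, ranges, lists, steps, and month and day abbreviations) can be checked mechanically when reviewing what a crontab line will actually do. The following is an added example, not code from the original text; the function names expand and matches are assumptions. It also covers one case the text does not mention: when both the day of month and day of week fields are restricted, cron runs the job if either one matches.

```python
from datetime import datetime

# Abbreviations cron recognizes for the month and day of week fields.
MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
DAYS = {d: i for i, d in enumerate("sun mon tue wed thu fri sat".split())}
# (low, high, names) for minute, hour, day of month, month, day of week.
FIELDS = [(0, 59, {}), (0, 23, {}), (1, 31, {}), (1, 12, MONTHS), (0, 7, DAYS)]


def expand(field, low, high, names):
    """Turn one time field ('*', '7-10', '0,30', '*/2', 'sat') into a set of ints."""
    values = set()
    for part in field.lower().split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = low, high
        else:
            a, _, b = rng.partition("-")
            start = names[a] if a in names else int(a)
            end = (names[b] if b in names else int(b)) if b else start
        if step < 1 or not (low <= start <= end <= high):
            raise ValueError(f"{part!r} is not valid for range {low}-{high}")
        values.update(range(start, end + 1, step))
    return values


def matches(entry, when):
    """True if the five time fields of a crontab line select the minute `when`."""
    fields = entry.split()[:5]
    if len(fields) != 5:
        raise ValueError("a crontab line needs five time fields")
    minute, hour, dom, month, dow = (
        expand(f, *spec) for f, spec in zip(fields, FIELDS))
    dow = {d % 7 for d in dow}            # 0 and 7 are both Sunday
    cron_dow = (when.weekday() + 1) % 7   # Python: Monday=0; cron: Sunday=0
    if fields[2].startswith("*") or fields[4].startswith("*"):
        day_ok = when.day in dom and cron_dow in dow
    else:
        day_ok = when.day in dom or cron_dow in dow  # both restricted: either
    return (when.minute in minute and when.hour in hour
            and when.month in month and day_ok)
```

Only the first five fields are read, so the same function works on /etc/crontab lines, which carry a user name before the command.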
The actual command is the sixth field. You can set up new lines with a percent (%) symbol. This is useful for formatting standard input. The following example of a cron file formats input for an e-mail message:
# crontab -l
# Sample crontab file
#
# Force /bin/sh to be my shell for all of my scripts.
SHELL=/bin/sh
# Run 15 minutes past Midnight every Saturday
15 0 * * sat $HOME/scripts/scary.script
# Do routine cleanup on the first of every Month at 4:30 AM
30 4 1 * * /usr/scripts/removecores >> /tmp/core.tmp 2>&1
# Mail a message at 10:45 AM every Friday
45 10 * * fri mail -s "Project Update" employees%Can I have a status update on your project?%%Your Boss.%
# Every other hour check for alert messages
0 */2 * * * /usr/scripts/check.alerts
For more examples, review some of the scripts in the /etc/cron.daily directory. Three key scripts include logrotate, for rotating log files; mlocate.cron, which updates the locate file database; and tmpwatch, which wipes files from /tmp and /var/tmp after a specific amount of time.
On the Job
The only SELinux settings associated with cron disable protection for the daemon and enable access for the fcron scheduler, associated with the cron_disable_trans and fcron_crond booleans.
Each user can use the crontab command to create and manage cron jobs for their own accounts. There are four switches associated with the crontab command:
-u user Allows the root user to edit the crontab of another specific user.
-l Lists the current entries in the crontab file.
-r Removes cron entries.
-e Edits an existing crontab entry. By default, crontab uses vi.
If you want to set up cron entries on your own account, start with the crontab -e command. It opens the vi editor, where you can add the variables and commands of your choice, similar to what you've seen in /etc/crontab.
Exercise 7-2: Creating a cron Job
In this exercise, you will modify the basic Red Hat cron job settings to read a text file at 1:05 P.M. every Monday in the month of January. To do so, you'll need to create a directory for yearly cron jobs. To do this, use the following steps:
Log in as the root user.
Create a /etc/cron.yearly directory. Add a file called taxrem, which reads a text file from your home directory. A command such as the following in the taxrem file should suffice:
Make sure to add appropriate lines to the reminder file in your home directory.
Add an appropriate command to your /etc/crontab file. Based on the conditions described, it would read as follows:
5 13 * 1 1 root run-parts /etc/cron.yearly
Save and exit.
Like cron, the at daemon supports job processing. However, you can set an at job to be run once. Jobs in the cron system must be set to run on a regular basis. The at daemon works in a way similar to the print process; jobs are spooled in the /var/spool/at directory and run at the specified time.
You can use the at daemon to run the command or script of your choice. For the purpose of this section, assume that user michael has created a script named 797 in his home directory to process some airplane sales database to another file in the same directory called sales.
From the command line, you can run the at time command to start a job to be run at a specified time. That time can be now; in a specified number of minutes, hours, or days; or at the time of your choice. Several examples are illustrated in Table 7-10.
at now + 10 minutes
Associated jobs will start in 10 minutes.
at now + 2 hours
Associated jobs will start in 2 hours.
at now + 1 day
Associated jobs will start in 24 hours.
at now + 1 week
Associated jobs will start in 7 days.
Associated jobs will start at 4:00 P.M.
at 3:00 6/13/07
Associated jobs will start on June 13, 2007, at 3:00 A.M.
You can use one of the example commands shown in Table 7-10 to open an at job. It opens a different command line interface, where you can specify the command of your choice. For this example, assume you're about to leave work, and want to start the job in an hour. From the conditions specified above, run the following commands:
$ at now + 1 hour
at> /home/michael/797 > /home/michael/sales
at> Ctrl-D
The CTRL-D command exits the at command shell and returns to your original command line interface. To check the status of your jobs, so you can see if it will work, run the following job queue command:
$ atq
1 2007-4-12 17:18 a michael
If there's a problem with the job, you can remove it with the atrm command. For the output shown, you'd remove job number 1 with the following command:
$ atrm 1
On the Job
There is no current SELinux setting associated with the at daemon.
You may not want everyone to be able to run a job in the middle of the night. If your system has a security flaw, someone may download important data or worse, and it could be days before you discover the security breach.
As with network firewalls, you can allow or deny users the privilege of using cron. You can set up users in the /etc/cron.allow and /etc/cron.deny files. If these files don't exist, cron usage is not restricted. If users are named in the /etc/cron.allow file, all other users won't be able to use cron. If there is no /etc/cron.allow file, only users named in /etc/cron.deny can't use cron.
These files are formatted as one line per user; if you include the following entries in /etc/cron.deny and no /etc/cron.allow file, users elizabeth and nancy aren't allowed to set up their own cron commands:
You can secure access to the at system in the same way. The corresponding security configuration files are /etc/at.allow and /etc/at.deny.
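The allow/deny precedence described above can be turned into a small check for auditing who may schedule jobs on a host. This is an added example, not code from the original text; it models only the rules as stated in this section, and the function names, the etc_dir parameter, and the user guest are assumptions made so the sample runs against a constructed directory instead of the live /etc.

```python
import os
import tempfile


def listed_users(path):
    """Return the user names in an allow/deny file (one per line), or None if absent."""
    try:
        with open(path) as fh:
            return {line.strip() for line in fh if line.strip()}
    except FileNotFoundError:
        return None


def may_use(user, etc_dir="/etc", service="cron"):
    """Apply the allow/deny rules from the text; returns (allowed, reason)."""
    allow = listed_users(os.path.join(etc_dir, f"{service}.allow"))
    deny = listed_users(os.path.join(etc_dir, f"{service}.deny"))
    if allow is not None:          # an allow file shuts out everyone not named in it
        return user in allow, f"{service}.allow present"
    if deny is not None:           # deny file only: everyone except the named users
        return user not in deny, f"{service}.deny only"
    return True, "no allow/deny files"   # unrestricted, as stated in the text


def demo():
    """Evaluate users against a constructed /etc layout in a temporary directory."""
    with tempfile.TemporaryDirectory() as etc:
        with open(os.path.join(etc, "cron.deny"), "w") as fh:
            fh.write("elizabeth\nnancy\n")
        deny_only = {u: may_use(u, etc)[0]
                     for u in ("elizabeth", "nancy", "michael")}
        with open(os.path.join(etc, "cron.allow"), "w") as fh:
            fh.write("michael\n")
        with_allow = {u: may_use(u, etc)[0]
                      for u in ("elizabeth", "michael", "guest")}
        at_rules = may_use("michael", etc, service="at")
    return deny_only, with_allow, at_rules


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Passing service="at" applies the same logic to /etc/at.allow and /etc/at.deny.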
On the Job
If you shut down your Linux system at night, the anacron service runs those cron jobs that were scheduled during the down time.