Certification Objective 5.07: The cron and at Systems

The cron system is essentially a smart alarm clock. When the alarm sounds, Linux runs the commands of your choice automatically. You can set the alarm clock to run at all sorts of regular time intervals. Alternatively, the at system allows you to run the command of your choice once, at a specified time in the future.

Red Hat configured the cron daemon, crond. By default, it checks a series of directories for jobs to run, every minute of every hour of every day. The crond checks the /var/spool/cron directory for jobs by user. It also checks for scheduled jobs for the computer under /etc/crontab and in the /etc/cron.d directory.

The behavior of the Linux cron is different from under Unix, where the cron daemon wakes up only when it needs to launch a program.

The System crontab and Components

The crontab file is set up in a specific format. Each line can be blank, a comment (which begins with #), a variable, or a command. Blank lines and comments are ignored.

When you run a regular command, the actions of the shell are based on environmental variables. To see your environmental variables, run the env command. Some of the standard variables in Red Hat Enterprise Linux include: HOME as your home directory, SHELL as the default shell, and LOGNAME as the username.

You can set different variables within the crontab file, or you can set environmental variables with the following syntax:

Variable=Value

Some variables are already set for you. For example, HOME is your home directory, SHELL is the user's default shell, and PATH is where the shell looks for commands. You can set these variables to different values in your crontab file. For example, the default /etc/crontab file includes the following variables:

SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/

Note that the values of PATH, MAILTO, and HOME are different from those for the standard environment variables.

Here is the format of a line in crontab. Each of these columns is explained in more detail in Table 5-4.

#minute, hour, day of month, month, day of week, command *        *     *             *      *            command 

If you see an asterisk in any column, cron runs that command for all possible values of that column. For example, an * in the minute field means that the command is run every minute during the specified hour(s). Take another example, as shown here:

1  5  3  4  *  ls

This line runs the ls command every April 3, at 5:01 A.M. The asterisk in the day of week column simply means that it does not matter what day of the week it is; crontab still runs the ls command at the specified time.

The crontab file is flexible. For example, a 7-10 entry in the hour field would run the specified command at 7:00 A.M., 8:00 A.M., 9:00 A.M., and 10:00 A.M. A list of entries in the minute field such as: 0,5,10,15,20,25,30,35,40,45,50,55 would run the specified command every five minutes. The cron daemon also recognizes abbreviations for months and the day of the week.

The actual command is the sixth field. You can set up new lines with a percent (%) symbol. This is useful for formatting standard input. The example that follows formats input for an e-mail message. Here is an example cron file:

# crontab -l # Sample crontab file # # Force /bin/sh to be my shell for all of my scripts. SHELL=/bin/sh # Run 15 minutes past Midnight every Saturday 15 0 * * sat   $HOME/scripts/scary.script # Do routine cleanup on the first of every Month at 4:30 AM 30 4 1 * *     /usr/scripts/removecores >> /tmp/core.tmp 2>>&1 # Mail a message at 10:45 AM every Friday 45 10 * * fri  mail -s "Project Update employees%Can I have a status update on your project?%%Your Boss.% # Every other hour check for alert messages 0 */2 * * * /usr/scripts/check.alerts

Setting Up cron for Users

Each user can use the crontab command to create and manage cron jobs for their own accounts. There are four switches associated with the crontab command:

• -u user Allows the root user to edit the crontab of another specific user.

• -l Lists the current entries in the crontab file.

• -r Removes cron entries.

• -e Edits an existing crontab entry. By default, crontab uses vi.

If you want to set up cron entries on your own account, start with the crontab -e command. It opens the vi editor, where you can add the variables and commands of your choice, similar to what you've seen in /etc/crontab.

Exercise 5-4: Create a cron Job

In this exercise, we will modify the basic Red Hat cron job settings to read a text file at 1:05 P.M. every Monday in the month of January. To do so, you'll need to create a directory for yearly cron jobs. To do this, use the following steps:

1. Log in as the root user.

2. Create a /etc/cron.yearly directory. Add a file called taxrem, which reads a text file from your home directory. A command such as the following in the taxrem file should suffice:

   cat ~/reminder

3. Make sure to add appropriate lines to the reminder file in your home directory.

4. Add an appropriate command to your /etc/crontab file. Based on the conditions described, it would read as follows:

   5 13 * 1 1 root run-parts /etc/cron.yearly

Save and exit.

Running a Job with the at System

Like cron, the at daemon supports job processing. However, you can set an at job to be run once. Jobs in the cron system must be set to run on a regular basis. The at daemon works in a way similar to the print process; jobs are spooled in the /var/spool/at directory and run at the specified time.

You can use the at daemon to run the command or script of your choice. For the purpose of this section, assume that user michael has created a script named 7e7 in his home directory to process some airplane sales database to another file in the same directory called sales.

From the command line, you can run the at time command to start a job to be run at a specified time. That time can be now, in a specified number of minutes, hours, or days, or at the time of your choice. I illustrate several examples in Table 5-5.

You can use one of the example commands shown in Table 5-5 to open an at job. It opens a different command line interface, where you can specify the command of your choice. Assume you're about to leave work, and want to start the job in an hour. From the conditions specified above, you'd run the following commands:

$ at now + 1 hour at> /home/michael/7e7 > /home/michael/sales at> Ctrl-D

The CTRL-D command exits the at command shell and returns to your original command line interface. To check the status of your jobs, so you can see if it will work, run the following job queue command:

$ atq 1       2004-4-12 17:18 a michael

If there's a problem with the job, you can remove it with the atrm command. For the output shown, you'd remove job number 1 with the following command:

$ atrm 1 

Securing cron and at

You may not want everyone to be able to run a job in the middle of the night. If there is a security flaw in your system, someone may download important data or worse, and it could be days before you discover the security breach.

As with network firewalls, you can allow or deny users the privilege of using cron. You can set up users in /etc/cron.allow and /etc/cron.deny files. If these files don't exist, cron usage is not restricted. If users are named in /etc/cron.allow file, all other users won't be able to use cron. If there is no /etc/cron.allow file, only users named in /etc/cron.deny can't use cron.

These files are formatted as one line per user; if you have the following entries in /etc/cron.deny and no /etc/cron.allow file, users elizabeth and nancy aren't allowed to set up their own cron commands:

elizabeth nancy

You can secure access to the at system in the same way. The corresponding security configuration files are /etc/at.allow and /etc/at.deny.