05-11-2012
We never allow users permissions for cron. This is a quality control and scheduling decision and not a security issue as such. We use "su" from the root cron to execute scripts in the name of the user and have automated scripts to check the cron log and the root mail file for errors.
There was a thread on unix.com recently where a badly-written user cron executed a command which hung. After a while the cron queue limit was exceeded and the system crons stopped running.
I had a trusted contractor who had access to run "at" jobs but not to run "cron" jobs. After he left a process stopped working after a reboot. It turned out (after a lot of detective work) that he was using self-spawning "at" jobs to stop/start the background processes. Ever since then all automated start/stop scripts have been tested from cron at the same time that the code is tested.
7 More Discussions You Might Find Interesting
1. Cybersecurity
We are trying to implement a NAS solution with UNIX servers and multiple networks, and I've heard that NFS has security issues with lockd and statd.
The security issue as it was explained to me is that these services are subject to vulnerabilities/exploits, and that users who connect to Unix... (1 Reply)
Discussion started by: onceagain
1 Replies
2. Shell Programming and Scripting
I am on AS3 Update 4 Linux
and am having an issue with an automated ftp script, I tried using the fd/sub proc method and that did not seem to work either. I normally use the following method to perform my ftp's but for some reason it works if I launch the script at the command line but in Cron it... (4 Replies)
Discussion started by: bryanthomas
4 Replies
3. Solaris
I am having some issues with my cronjobs not running in solaris 10.
Cron is running:
~> ps -ef | grep cron
root 202 1 0 Jul 18 ? 0:01 /usr/sbin/cron
bender 1646 1562 0 01:57:49 syscon 0:00 grep cron
crontab -l lists the cronjob and I *think* its in the... (8 Replies)
Discussion started by: ippy98
8 Replies
4. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
If you look at the permissions associated with a symbolic link, it has universal access. Does this lead to... (0 Replies)
Discussion started by: linux17
0 Replies
5. Shell Programming and Scripting
Hi all, I am trying to run a cronjob to push my files to my git repo once a week and output a prompt to a logfile, my script works fine if I invoke it manually but my cronjob wont run for some reason, I have sourced the file, and restarted my Mac to no avail, right now I believe I have the cronjob... (8 Replies)
Discussion started by: gmenfan83
8 Replies
6. AIX
Hello everyone,
I have an AIX 6.1 machine and i experienced a problem with my cron scripts. It appears that somebody renamed a cron script so crontab could not execute it.
Is there a way to put some security on cron scripts so nobody else except root can rename or delete a cron script? Or they... (6 Replies)
Discussion started by: omonoiatis9
6 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I have a very simple script that queries from a DB2 table. The script has 3 parts - (i) Sets the db2profile (ii) connects to db2 using credentials (iii) executes the query.This script works fine if i run it manually from the command prompt. However when scheduled in crontab, it proceeds... (2 Replies)
Discussion started by: VeePee
2 Replies
cron(8) System Manager's Manual cron(8)
NAME
cron - The system clock daemon
SYNOPSIS
/usr/sbin/cron
DESCRIPTION
The cron daemon runs shell commands at specified dates and times. Commands that are to run according to a regular or periodic schedule are
found within the crontab files. Commands that are to run once only are found within the at files. You submit crontab and at file entries
by using the crontab and at commands. Because the cron process exits only when killed or when the system stops, only one cron daemon
should exist on the system at any given time. Normally, you start the cron daemon from within a run command file.
During process initialization and when cron detects a change, it examines the crontab and at files. This strategy reduces the overhead of
checking for new or changed files at regularly scheduled intervals. The cron command creates a log of its activities. The cron daemon
must be started from the system startup scripts because it must begin execution without a login user ID set. The cron daemon starts each
job with the following process attributes stored with the job by the invoking process: Login user ID Effective and real user IDs Effective
and real group IDs Supplementary groups
It also establishes the following attributes from the authentication profile of the account associated with the login user ID of the invok-
ing process: Audit control and disposition masks Kernel authorizations
DIAGNOSTICS
The at and batch programs will refuse to accept jobs submitted from processes whose login user ID is different from the real user ID.
FILES
Specifies the command path. Main cron directory Directory containing the crontab files. List of allowed users. List of denied users His-
tory information for cron Queue description file for at, batch, and cron
RELATED INFORMATION
Commands: at(1), crontab(1), rc0(8), rc2(8), rc3(8)
Files: queuedefs(4) delim off
cron(8)