DistributedNetworks DistributedNetworks


Special File Types   «Prev  Next»
Lesson 11 Editing and controlling access to crontab
Objective

Editing, Controlling Access to crontab

Editing crontab entries

You will probably need to change existing crontab entries. When you do so, make sure that you edit the original file with a text editor such as edit, vi, or emacs, then run crontab on the file. Although it is possible to use the -e argument to edit a crontab entry, all versions of UNIX crontab work best when you edit the original source file. When you run crontab again, it will read the existing file, then re-enter it into the cron queue.
You can also use crontab to delete the existing file. If you use the -r argument with crontab, you delete more than one entry. This command discards the entire file for this user. Therefore, if you have multiple entries, you will have to re-create the file. Unless you have a specific reason to delete the entire file, your best option would be to use vi to edit the file to your preferences.

You must have root permissions to use crontab for other users.

Permissions and crontab

You can control who accesses crontab by creating two files. The name and location of these files are as follows:
/etc/cron.allow
/etc/cron.deny

If the cron.allow file exists, then you must specify every account that you want to allow access to crontab. The cron.allow file will override the cron.deny file. If the allow and deny files are missing, then all users may be able to access crontab, depending on which UNIX version you are using. For example, Linux systems allow any user access to crontab.
You should also note that if you use the -u option to create a crontab file for a specific user, then the crontab daemon will check that specific user's permissions before it executes the processes. If not, crontab will run according to the permissions of the user that created the crontab entry. This feature can become a security hole if you use your root permissions irresponsibly.

System variances

System V setups are quite flexible because they allow you to use cron with many user configuration files. However, BSD systems use one configuration file, and only root can use it. Linux systems are a hybrid because you can use the hosts.allow and hosts.deny files to manage cron access.
You can submit crontab entries to specific directories in HP-UX, SunOS, and AT&T systems. The directories are listed here according to operating system:

SunOS and HP-UX 10.X /var/spool/cron/crontabs
HP-UX /usr/spool/cron/crontabs. HP-UX allows one crontab per user, and cron will scan the passwd file for the user's login name and UID.

Controlling Access to Crontab-Exercise

Click this Exercise link below to demonstrate your understanding of creating crontab entries on Linux.
Controlling Access to Crontab-Exercise

Crontab Access Solaris-Exercise

Solaris

Click this Exercise link below to demonstrate your understanding of creating crontab entries on Solaris.
Crontab Access Solaris-Exercise