Today, continue on your path to RHCE certification. Learn about creating a new kernel the easy way, kernel sources, recompiling a kernel, and the cron and at systems. Take notes, because there's a test at the end. This comes from chapter five of Red Hat Certified Engineer Linux Study Guide (Exam RH302), fourth edition, by Michael Jang. (McGraw-Hill/Osborne, 2004, ISBN: 0-07-225365-7).
Each user can use the crontab command to create and manage cron jobs for their own accounts. There are four switches associated with the crontab command:
-u userAllows the root user to edit the crontab of another specific user.
-l Lists the current entries in the crontab file.
-r Removes cron entries.
-e Edits an existing crontab entry. By default, crontab uses vi.
If you want to set up cron entries on your own account, start with the crontab -e command. It opens the vi editor, where you can add the variables and commands of your choice, similar to what youíve seen in /etc/crontab.
Exercise 5-4 Create a cron Job
In this exercise, we will modify the basic Red Hat cron job settings to read a text file at 1:05 P.M. every Monday in the month of January. To do so, youíll need to create a directory for yearly cron jobs. To do this, use the following steps:
Log in as the root user.
Create a /etc/cron.yearly directory. Add a file called taxrem, which reads a text file from your home directory. A command such as the following in the taxrem file should suffice:
Make sure to add appropriate lines to the reminder file in your home directory.
Add an appropriate command to your /etc/crontab file. Based on the conditions described, it would read as follows:
5 13 * 1 1 root run-parts /etc/cron.yearly
Save and exit.
Running a Job with the at System
Like cron, the at daemon supports job processing. However, you can set an at job to be run once. Jobs in the cron system must be set to run on a regular basis. The at daemon works in a way similar to the print process; jobs are spooled in the /var/spool/at directory and run at the specified time.
You can use the at daemon to run the command or script of your choice. For the purpose of this section, assume that user michael has created a script named 7e7 in his home directory to process some airplane sales database to another file in the same directory called sales.
From the command line, you can run the at time command to start a job to be run at a specified time. That timecan be now, in a specified number of minutes, hours, or days, or at the time of your choice. I illustrate several examples in Table 5-5.
You can use one of the example commands shown in Table 5-5 to open an at job. It opens a different command line interface, where you can specify the command of your choice. Assume youíre about to leave work, and want to start the job in an hour. From the conditions specified above, youíd run the following commands:
$ at now + 1 hour at> /home/michael/7e7 > /home/michael/sales at> Ctrl-D
The CTRL-D command exits the at command shell and returns to your original command line interface. To check the status of your jobs, so you can see if it will work, run the following job queue command:
$ atq 1 2004-4-12 17:18 a michael
If thereís a problem with the job, you can remove it with the atrm command. For the output shown, youíd remove job number 1 with the following command:
$ atrm 1
Table 5-5 Examples of the at Command
at now + 10 minutes
Associated jobs will start in 10 minutes.
at now + 2 hours
Associated jobs will start in 2 hours.
at now + 1 day
Associated jobs will start in 24 hours.
at now + 1 week
Associated jobs will start in 7 days.
Associated jobs will start at 4:00 P.M.
at 3:00 6/13/04
Associated jobs will start on June 13, 2004, at 3:00 A.M.
Securing cron and at
You may not want everyone to be able to run a job in the middle of the night. If there is a security flaw in your system, someone may download important data or worse, and it could be days before you discover the security breach.
As with network firewalls, you can allow or deny users the privilege of using cron. You can set up users in /etc/cron.allow and /etc/cron.deny files. If these files donít exist, cron usage is not restricted. If users are named in /etc/cron.allow file, all other users wonít be able to use cron. If there is no /etc/cron.allow file, only users named in /etc/cron.deny canít use cron.
These files are formatted as one line per user; if you have the following entries in /etc/cron.deny and no /etc/cron.allow file, users elizabeth and nancy arenít allowed to set up their own cron commands:
You can secure access to the at system in the same way. The corresponding security configuration files are /etc/at.allow and /etc/at.deny.
This is part one from the fifth chapter of Red Hat Certified Engineer Linux Study Guide (Exam RH302), fourth edition, by Michael Jang. (McGraw-Hill/Osborne, 2004, ISBN: 0-07-225365-7). Check it out at your favorite bookstore today. Buy this book now.