linux cron tab

21
LINUX+ LAB SERIES (LX0-102) Lab 5: crontab and at Document Version: 2015-04-30 This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License. Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah. This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership.

Upload: jd

Post on 12-Dec-2015

47 views

Category:

Documents


2 download

DESCRIPTION

Linux Cron Tab

TRANSCRIPT

LINUX+ LAB SERIES (LX0-102)

Lab 5: crontab and at

Document Version: 2015-04-30

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah.

This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

1

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Contents

Introduction ........................................................................................................................ 2

Objective ............................................................................................................................. 2

Linux+ LX0-102 Exam Objectives ........................................................................................ 3

Lab Topology ....................................................................................................................... 4

Lab Settings ......................................................................................................................... 5

1 Scheduling Processes with the at Command .............................................................. 6

2 Controlling Access to the at Command .................................................................... 11

3 Scheduling Processes with the crontab Command .................................................. 12

4 Controlling Access to the crontab Command ........................................................... 15

5 Exploring System crontabs ........................................................................................ 17

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

2

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Introduction

This lab provides guidance on performing Lab 5: crontab and at of the Linux+ LX0-102 course, using a NETLAB+ system. By performing this lab, students will learn how to schedule processes to execute in the future using the at and crontab commands. Objective

The following tasks will be performed:

1. Learn how to schedule future tasks with the at command. 2. Limit access to the at command. 3. Learn how to schedule future recurring tasks with the crontab command. 4. Limit access to the crontab command. 5. Manage system crontabs.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

3

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ LX0-102 Exam Objectives

This lab will cover the topics for the following LX0-102 objectives: 107.2 Automate system administration tasks by scheduling jobs

1. Manage cron and at jobs. 2. Configure user access to cron and at services.

The following is a partial list of the used files, terms, and utilities:

a. /etc/cron.d{daily,hourly,monthly,weekly} b. /etc/at.deny c. /etc/at.allow d. /etc/crontab e. /etc/cron.allow f. /etc/cron.deny g. /var/spool/cron/* h. crontab i. at j. atq k. atrm

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

4

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Lab Topology

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

5

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Lab Settings

The information in the table below will be used to complete the lab. Additional details will be provided within the task sections as required.

System Username/Password

CentOS Server sysadmin/netlab123

Ubuntu Server sysadmin/netlab123

Fedora Workstation sysadmin/netlab123

Ubuntu Workstation sysadmin/netlab123

All Machines root/netlab123

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

6

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

1 Scheduling Processes with the at Command

There are circumstances where you may want to schedule a time in the future for a process to run. For instance, you might want to run the who command at 2AM to see who is logged on the system at this time. If you only want to run a command (or set of commands) one time in the future, you can use the at command to schedule this.

1. Click on the Fedora Workstation icon in the pod topology to launch the virtual machine.

2. The virtual machine will display a login screen. Make sure sysadmin is in the user field. Enter the password netlab123 and press Enter.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

7

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

3. Once you have logged in, a terminal window may appear. If it does not, click on the Kickoff Application Launcher, the “f”, in the lower left corner of the desktop. In the search bar, type konsole and click on Konsole, which will launch a terminal window:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

8

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

4. Switch to the root user in the terminal window that opens: su -

netlab123

5. Run the following commands to schedule the who command to run at 2AM the following morning. Note that where you see <EOT> (in the screenshot below) you will be typing Control-D (^D):

at 2AM

at> who > /tmp/whothere

at> ^D

Your output should be similar to the following:

Note that if you do not redirect the output of at commands, the output will be emailed to you.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

9

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

6. The at command provides a very flexible system for specifying what time to run the command(s). Execute the following command and scroll down to read how to specify times:

man at

Your output should be similar to the following:

7. To see the at jobs that are scheduled for your account, use the atq command: atq

Your output should be similar to the following:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

10

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

8. To remove an at job from the queue, use the atrm command as show below: atq

atrm 1

atq

Your output should be similar to the following:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

11

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

2 Controlling Access to the at Command

1. To disallow access to the at command, add the user name to the /etc/at.deny file. Each line in this file should contain a single user name. In this case, open the /etc/at.deny file in the editor of your choice and add the following line:

sysadmin

Your output should be similar to the following:

2. To verify, exit from the root shell back to the sysadmin account and attempt to run the following at command:

exit

at 2AM

Your output should be similar to the following:

You could also make use of the /etc/at.allow file (which does not exist by default). If you create an /etc/at.allow file, then only the users listed in this file will be able to use the at command (the /etc/at.deny file will now be ignored). An empty /etc/at.deny file means all users can use the at command. If you delete both the /etc/at.deny and /etc/at.allow file, then only root can use the at command.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

12

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

3 Scheduling Processes with the crontab Command

1. To schedule a process to execute on a routine basis, use the crontab command. This command will bring you into an editor to edit your crontab file. Each line in the crontab file will contain 6 fields, separated by white-space. The first 5 fields describe the time to run the command and the last field is the command to run. To review the format of the time fields, run the following command and then scroll down:

man 5 crontab

Your output should be similar to the following:

2. As the sysadmin user, execute the following command to enter the crontab editor:

crontab -e

3. Optional step: By default, the crontab command uses the vi editor to modify the crontab file. If you would rather use a different editor, like gedit, you could now quit the vi editor by typing :q and then type the following commands:

export EDITOR=gedit

crontab -e

This example will not work in the lab environment, as gedit is not installed but is provided to

demonstrate the ability to change the editor.

4. After opening the editor, add the following line to execute the who command every Sunday night at 2AM:

0 2 * * 0 who >> /tmp/whothere

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

13

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

5. After verifying your work, exit the editor. To verify that the crontab file was successfully modified, type the following in the command line:

crontab -l

Your output should be similar to the following:

If you make a mistake, you will get an error message like the following:

To fix your mistake, type y and then press the Enter key. You will be placed back into the editor.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

14

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

6. Note that the actual crontab file is stored in /var/spool/cron, a directory that regular users can't access directly. Verify this by running the following commands:

ls /var/spool/cron

su - root

netlab123

ls /var/spool/cron

cat /var/spool/cron/sysadmin

exit

Your output should be similar to the following:

7. If you want to modify your crontab file or add more entries, use the crontab -e command again. In this case we are going to remove the entire crontab, so execute the following commands:

crontab -l

crontab -r

crontab -l

Your output should be similar to the following:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

15

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

4 Controlling Access to the crontab Command

1. As a superuser, you can specify who can or cannot use the crontab command. First, execute the following to switch to the root account:

su –

netlab123

2. To disallow access to the crontab command, add a user name to the /etc/cron.deny file. Each line in this file should contain a single user name. In this case, open the /etc/cron.deny file in the editor of your choice and add the following line:

sysadmin

Your output should be similar to the following:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

16

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

3. To verify, exit from the root shell back to the sysadmin account and attempt to run the following crontab command:

exit

crontab -e

Your output should be similar to the following:

You could also make use of the /etc/cron.allow file (which does not exist by default). If you create an /etc/cron.allow file, then only the users listed in this file will be able to use the crontab command (the /etc/cron.deny file will now be ignored). An empty /etc/cron.deny file means all users can use the crontab command. If you delete both the /etc/cron.deny and /etc/cron.allow file, then only root can use the crontab command.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

17

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

5 Exploring System crontabs

There are several maintenance tasks that need to be performed on a regular basis in order for the operating system and associated processes to stay in "good health". These tasks are not necessarily associated with any single user, so instead of creating a crontab file for a specific user, these tasks are placed into the /etc/crontab file or in files in the /etc/cron.d directory.

1. The default /etc/crontab file only contains basic variable setting and comments. Switch to the root account and view the /etc/crontab file:

su –

netlab123

cat /etc/crontab

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

18

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

2. Notice that there is "extra" field in this crontab file that was not in a regular user's crontab file: the user-name to run the command as. Use an editor of your choice to add the following line at the bottom of the /etc/crontab file:

0 2 * * 0 root who >> /tmp/whothere

Your output should be similar to the following:

3. To enable this, you may need to reboot (not ideal) or restart the crond service. Execute the following command to restart the crond service:

service crond restart

Your output should be similar to the following:

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

19

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

4. The crond daemon also looks in the /etc/cron.d directory for additional crontab files. These are internally "merged" together by the crond daemon with the /etc/crontab. Typically, these files are placed in this directory by software vendors who need to schedule regular processes. As an example, run the following commands to view the /etc/cron.d/smolt file:

ls /etc/cron.d

cat /etc/cron.d/smolt

Your output should be similar to the following:

Note that as the superuser, you rarely need to administer the files in /etc/cron.d. However, you should be aware of what they contain as they could pose a potential security risk.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

20

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

5. The crond daemon also looks in the following directories: /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly. These directories contain scripts (typically BASH shell scripts) that are run on a regular basis. For example, the scripts in /etc/cron.hourly are executed once an hour.

As an example, look at the /etc/cron.daily/tmpwatch file by executing the following commands:

ls /etc/cron.daily

cat /etc/cron.daily/tmpwatch

Your output should be similar to the following:

In this example, the /etc/cron.daily/tmpwatch script runs a binary command, which is also called tmpwatch. The purpose of this command is to routinely delete temporary files from directories like /tmp and /var/tmp.

Note that as the superuser, you rarely need to administer the files in these directories. These scripts are typically placed here during software installed by vendors who need tasks to be executed on a regular basis. However, you should be aware of what they contain as they could pose a potential security risk.

6. Click the X in the upper-right corner to close the terminal window. 7. Close the Fedora Workstation remote pc window. 8. Click the I’m Done button to end the reservation.