The crontab program is used to install, deinstall, or list the tables used to drive the cron daemon in Vixie
Cron. The crontab program allows an administrator to perform specific tasks on a regularly-scheduled
basis without logging in. Users can have their own crontabs that allow them to create jobs that will run at
given times. A user can create a crontab file with the help of this command. The crontab command
generally goes through these steps:
1. Parses command-line options to determine if the crontab file is to be created, listed, edited or
replaced.
2. Checks if the user is authorized to use this command. If the /etc/cron.allow file exists, only
users listed in that file are allowed to use this command. If the /etc/cron.deny file exists, then
users listed in that file are not allowed to use this command. It generates an audit record if a user is
not allowed to use it.
3. If listing, crontab invokes the list_cmd() routine to list the existing crontab file. It
generates an audit record to log the listing of crontab files.
4. If deleting, crontab invokes the delete_cmd() routine to delete the existing crontab file. It
generates an audit record to log the deletion of an existing crontab file.
5. If editing, crontab invokes the edit_cmd() routine to edit the existing crontab file. It
generates an audit record to log the modification of an existing crontab file.
6. If replacing, crontab invokes the replace_cmd() routine to replace the existing
crontab file. After an edit or replace operation, crontab ensures that the new, modified crontab
file is owned by root and has an access mode of 600. It generates an audit record to log the
replacement of an existing crontab file.
Crontab files are created in the /var/spool/cron/ directory, each under the login name of
the respective user. This establishes the identity of the user on whose behalf commands will be executed.
Since the /var/spool/cron directory is owned by root and has an access mode of 700, normal users
cannot schedule jobs in the name of other users.
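As an added example (not part of the original document or of the Vixie Cron sources), the following Python function audits the invariants stated above: the spool directory owned by root with mode 700, and each crontab file owned by root with mode 600 and stored under a login name. The function names, the known_users parameter and the sample file names are assumptions, and the sample spool is constructed in a temporary directory.

```python
import os
import pwd
import stat
import tempfile

def audit_cron_spool(spool="/var/spool/cron", owner_uid=0, known_users=None):
    """Return findings where the spool deviates from the layout stated above."""
    if known_users is None:
        known_users = {p.pw_name for p in pwd.getpwall()}
    findings = []
    d = os.lstat(spool)  # lstat: do not follow a symlink standing in for the spool
    if not stat.S_ISDIR(d.st_mode):
        return [f"{spool}: not a directory"]
    if d.st_uid != owner_uid:
        findings.append(f"{spool}: owner uid {d.st_uid}, expected {owner_uid}")
    if stat.S_IMODE(d.st_mode) != 0o700:
        findings.append(f"{spool}: mode {stat.S_IMODE(d.st_mode):o}, expected 700")
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"{path}: not a regular file")
            continue
        if st.st_uid != owner_uid:
            findings.append(f"{path}: owner uid {st.st_uid}, expected {owner_uid}")
        if stat.S_IMODE(st.st_mode) != 0o600:
            findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o}, expected 600")
        # The file name is the identity the jobs run as, so it must be a real login.
        if name not in known_users:
            findings.append(f"{path}: no such login name")
    return findings

def make_sample_spool(files):
    """Constructed sample: a mode-700 temp directory holding {name: mode} crontabs."""
    spool = tempfile.mkdtemp()
    os.chmod(spool, 0o700)
    for name, mode in files.items():
        path = os.path.join(spool, name)
        with open(path, "w") as fh:
            fh.write("0 3 * * * /bin/true\n")
        os.chmod(path, mode)
    return spool

if __name__ == "__main__":
    # Sample files are owned by the current user, so audit against that uid.
    spool = make_sample_spool({"alice": 0o600, "bob": 0o644, "mallory": 0o600})
    for line in audit_cron_spool(spool, os.getuid(), {"alice", "bob"}):
        print(line)
```

On a real system, run the function with its defaults as root, since the spool directory is not readable by other users.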
5.14.1.2 at
The at command executes commands at a specified time and optional date. The commands are read from
standard input or from a file. at is also used for performing maintenance, such as listing and removing
existing jobs. at generally follows these steps:
1. Registers if it was called as at, atq or atrm, to create at jobs, list at jobs, or remove at jobs,
respectively.
2. Checks to ensure that the user is allowed to use this command. The at command can always be issued by
a privileged user. Other users must be listed in the file /etc/at.allow if it exists; otherwise, they
must not be listed in /etc/at.deny. If neither file exists, only a privileged user can issue the
command. If a user is not allowed to use this command to create an at job, at generates an audit record
to log the attempt.
3. If called as atq, invokes list_jobs() to list existing at jobs. atq changes directory to
/var/spool/atjobs, reads its directory content, and lists all existing jobs queued for execution.
4. If called as atrm, invokes process_jobs() to remove existing jobs. atrm changes directory to
/var/spool/atjobs and unlinks the appropriate job file.
5. If called as at, parses the time argument and calls writefile() to create a job file in
/var/spool/atjobs. Generates an audit record to log the creation of an at job. The job file is
owned by the invoking user and contains current umask and environment variables along with the