The crontab program is used to install, deinstall, or list the tables used to drive the cron daemon in Vixie Cron. The crontab program allows an administrator to perform specific tasks on a regularly scheduled basis without logging in. Users can have their own crontabs that allow them to create jobs that will run at given times. A user can create a crontab file with the help of this command. The crontab command generally goes through these steps:

1. Parses command-line options to determine if the crontab file is to be created, listed, edited or replaced.

2. Checks if the user is authorized to use this command. If the /etc/cron.allow file exists, only users listed in that file are allowed to use this command. If the /etc/cron.deny file exists, then users listed in that file are not allowed to use this command. It generates an audit record if a user is not allowed to use it.

3. If listing, crontab invokes the list_cmd() routine to list the existing crontab file. It generates an audit record to log the listing of crontab files.

4. If deleting, crontab invokes the delete_cmd() routine to delete the existing crontab file. It generates an audit record to log the deletion of an existing crontab file.

5. If editing a crontab, it invokes the edit_cmd() routine to edit the existing crontab file. It generates an audit record to log the modification of an existing crontab file.

6. If replacing a crontab, crontab invokes the replace_cmd() routine to replace the existing crontab file. After the edit and replace option, crontab ensures that the modified new crontab file is owned by root and has an access mode of 600. It generates an audit record to log the replacement of an existing crontab file.

crontab files are created in the /var/spool/cron/ directory, and each file is named with the login name of the respective user. This establishes the identity of the user on whose behalf commands will be executed. Since the /var/spool/cron directory is owned by root and has an access mode of 700, normal users cannot schedule jobs in the name of other users.
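
The ownership and mode properties described above can be checked mechanically. The following is an added example, not code from the crontab program or from this document: the function name audit_cron_spool, the demo() helper and its sample files are hypothetical, and it assumes the spool directory holds only per-user crontab files, as the text describes.

```python
import os
import stat
import tempfile


def audit_cron_spool(spool_dir="/var/spool/cron", owner_uid=0):
    """Return a list of findings; an empty list means the layout matches the text."""
    st = os.lstat(spool_dir)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{spool_dir}: not a directory"]
    findings = []
    if st.st_uid != owner_uid:
        findings.append(f"{spool_dir}: owner uid {st.st_uid}, expected {owner_uid}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        findings.append(f"{spool_dir}: mode {stat.S_IMODE(st.st_mode):o}, expected 700")
    for name in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, name)
        fst = os.lstat(path)  # lstat: report a symlink instead of following it
        if not stat.S_ISREG(fst.st_mode):
            findings.append(f"{path}: not a regular file")
            continue
        if fst.st_uid != owner_uid:
            findings.append(f"{path}: owner uid {fst.st_uid}, expected {owner_uid}")
        if stat.S_IMODE(fst.st_mode) != 0o600:
            findings.append(f"{path}: mode {stat.S_IMODE(fst.st_mode):o}, expected 600")
    return findings


def demo():
    """Audit a constructed spool: 'alice' is mode 600, 'bob' is wrongly mode 644."""
    uid = os.getuid()  # stand-in for root so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o700)
        for name, mode in (("alice", 0o600), ("bob", 0o644)):
            path = os.path.join(spool, name)
            with open(path, "w") as fh:
                fh.write("0 2 * * * /usr/local/bin/backup\n")  # constructed entry
            os.chmod(path, mode)
        return audit_cron_spool(spool, owner_uid=uid)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run as root against the real spool directory, the defaults check for owner uid 0; any finding indicates a deviation from the state crontab is described as enforcing.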

5.14.1.2 at

The at command executes commands at a specified time and optional date. The commands are read from standard input or from a file. at is also used for performing maintenance, such as listing and removing existing jobs. at generally follows these steps:

1. Registers if it was called as at, atq or atrm, to create at jobs, list at jobs, or remove at jobs, respectively.

2. Checks to ensure that the user is allowed to use this command. The at command can always be issued by a privileged user. Other users must be listed in the file /etc/at.allow if it exists; otherwise, they must not be listed in /etc/at.deny. If neither file exists, only a privileged user can issue the command. If a user is not allowed to use this command to create an at job, at generates an audit record to log the attempt.

3. If called as atq, invokes list_jobs() to list existing at jobs. atq changes directory to /var/spool/atjobs, reads its directory content, and lists all existing jobs queued for execution.

4. If called as atrm, invokes process_jobs() to remove existing jobs. atrm changes directory to /var/spool/atjobs and unlinks the appropriate job file.

5. If called as at, parses the time argument and calls writefile() to create a job file in /var/spool/atjobs. Generates an audit record to log the creation of an at job. The job file is owned by the invoking user and contains current umask and environment variables along with the
