commands that are to be executed. Information stored in this job file, along with its attributes, is used by the atd daemon to recreate the invocation of the user’s identity while performing tasks at the scheduled time.
5.14.2 Batch processing daemons
5.14.2.1 cron
The cron daemon executes commands scheduled through crontab or listed in /etc/crontab for standard system cron jobs.
The cron trusted process daemon processes users’ crontab files. The cron daemon ensures that the system DAC policy is not violated by duplicating the login environment of the user whose crontab file is being processed. The cron daemon depends on the crontab trusted command to create the crontab file of each user with his or her name. The /var/spool/cron/tabs/root file contains the crontab for root, and therefore is critical. The cron daemon also depends on the kernel’s file system subsystem to prevent normal users from creating or modifying other users’ crontab files. The cron daemon starts during system initialization, and generally follows these steps:
1. Sits in an infinite loop, waking up after one minute to process crontab files.
2. Sets the system’s cron jobs by reading crontab files in the directory /etc/cron.d/.
3. Sets cron jobs to be executed weekly, hourly, daily and monthly by reading their respective crontab files from the directories /etc/cron.{weekly,hourly,daily,monthly}.
4. Calls the load_database() routine to read crontab files in the /var/spool/cron/tabs directory.
5. For every crontab file, invokes getpwnam() to get the user’s identity information.
6. For each crontab file, at the appropriate time, which is set in the file, the daemon forks a child to execute the commands listed in the crontab file. The child sets its credentials based on the user’s login environment before executing any commands. It generates audit records to log the execution of cron jobs.
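The following audit sketch is an added example, not code from this document or from the cron daemon. It checks the file system properties the description above relies on: each file in /var/spool/cron/tabs is a regular file named after an existing account, is owned by that account or by root, and cannot be written by anyone else. The specific checks and the lookup and trusted_uid parameters are assumptions of this example.

```python
import os
import pwd
import stat

SPOOL = "/var/spool/cron/tabs"  # per-user crontab directory named above


def audit_spool(spool=SPOOL, lookup=pwd.getpwnam, trusted_uid=0):
    """Return (name, problem) findings for a crontab spool directory.

    lookup(name) must return an object with pw_uid or raise KeyError, like
    pwd.getpwnam; it is a parameter so the audit can run on a test directory.
    """
    findings = []
    if stat.S_IMODE(os.lstat(spool).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((".", "spool directory is group/world-writable"))
    for name in sorted(os.listdir(spool)):
        st = os.lstat(os.path.join(spool, name))  # lstat: never follow links
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        try:
            owner = lookup(name).pw_uid  # file name is the account name
        except KeyError:
            findings.append((name, "no such account"))
            continue
        if st.st_uid not in (trusted_uid, owner):
            findings.append((name, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others"))
        if st.st_nlink != 1:
            findings.append((name, "has %d hard links" % st.st_nlink))
    return findings


if __name__ == "__main__":
    try:
        for name, problem in audit_spool():
            print("%s: %s" % (name, problem))
    except OSError as exc:  # spool missing or unreadable without privilege
        print("cannot audit %s: %s" % (SPOOL, exc))
```

Reading the real spool directory normally requires root; an empty result means every crontab file passed all of the example's checks.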
5.14.2.2 atd
The atd daemon is the trusted process that services users’ requests for timed execution of specific tasks. The atd daemon ensures that the system’s DAC policy is not violated by exactly duplicating the identity of the user on whose behalf it is performing tasks. The atd daemon depends on the trusted command at to have appropriately created the at job file containing pertinent information about the user’s identity. The atd daemon is started during system initialization and generally goes through these steps:
1. Attaches to the audit subsystem.
2. At a regular interval, or on receiving a signal from a user, looks into the /var/spool/atjobs directory for jobs to process.
3. If an appropriate job is found, forks a child process and sets its user and group IDs to those of the owner of the job file. Sets up standard output to go to a file. Performs the tasks listed in the job file by executing the user’s shell and