NAME | SYNOPSIS | DESCRIPTION | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO | DIAGNOSTICS
The cron command starts a process that executes commands at specified dates and times. Regularly scheduled commands can be specified according to instructions found in crontab files in the directory /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once may be submitted using the at(1) command.
cron only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This reduces the overhead of checking for new or changed files at regularly scheduled intervals.
Since cron never exits, it should be executed only once. This is done routinely through /etc/rc2.d/S75cron at system boot time. The file /etc/cron.d/FIFO is used (among other things) as a lock file to prevent the execution of more than one instance of cron.
cron captures the output of the job's stdout and stderr streams, and, if it is non-empty, mails the output to the user. If the job does not produce output, no mail is sent to the user (unless the job is an at(1) job and the -m option was specified when the job was submitted).
To keep a log of all actions taken by cron, CRONLOG=YES (by default) must be specified in the /etc/default/cron file. If CRONLOG=NO is specified, no logging is done. Keeping the log is a user configurable option since cron usually creates huge log files.
The PATH for user cron jobs can be set using PATH= in /etc/default/cron. The PATH for root cron jobs can be set using SUPATH= in /etc/default/cron. The security implications of setting PATH and SUPATH should be carefully considered.
Example /etc/default/cron file:
CRONLOG=YES PATH=/usr/bin:/usr/ucb: |
This example enables logging and sets the default PATH used by non-root jobs to /usr/bin:/usr/ucb:. Root jobs will continue to use /usr/sbin:/usr/bin.
/etc/cron.d/logchecker is a script that checks to see if the log file has exceeded the system ulimit. If so, the log file is moved to /var/cron/olog.
The job directories /var/spool/cron/crontabs and /var/spool/cron/atjobs are multilevel directories (MLDs). The MLD job directory provides for the separation of job files at different sensitivity labels. Hence, there can be multiple crontab files for a single user within the crontabs directory, but each crontab file is at a different sensitivity label. In addition, a user can have multiple atjob files at different sensitivity labels.
Each crontab file in the crontabs MLD and each atjob file in the atjobs MLD has an ancillary file containing information used by cron to set up a job. The crontab ancillary files are named username.ad, and the atjobs ancillary files are name jobname.ad.
The clock daemon must be started with the root userid, must have the PAF_TRUSTED_PATH
process attribute, and it must inherit the following privileges: file_mac_write
, net_mac_read
, proc_setid
, proc_setsl
, proc_setclr
, sys_audit
, proc_audit_tcb
, file_dac_read
, and file_owner
.
If the clock daemon has the PAF_PRIV_DEBUG
process attribute, it passes the attribute on to the job to be executed. Because the daemon never has the PAF_TOKMAPPER
, PAF_DISKLESS_BOOT
, and PAF_SELAGNT
process attributes, these attributes will not be passed on to the job to be executed.
The clock daemon creates the /var/cron/log file at the ADMIN_HIGH
sensitivity label.
In the default Trusted Solaris environment, there are two pairs of crontab and its ancillary file for the root userid: one pair at the ADMIN_HIGH
sensitivity label, and the other pair at the ADMIN_LOW
sensitivity label.
main cron directory
used as a lock file
contains cron default settings
cron history information
spool area
moves log file to /var/cron/olog if log file exceeds system ulimit.
queue description file for at, batch, and cron.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWcsu |
A history of all actions taken by cron is stored in /var/cron/log and (possibly) /var/cron/olog.
NAME | SYNOPSIS | DESCRIPTION | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO | DIAGNOSTICS