The cron command starts a process that executes commands at specified dates and times. Regularly scheduled commands can be specified according to instructions found in crontab files in the directory /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once may be submitted using the at(1) command.
cron only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This reduces the overhead of checking for new or changed files at regularly scheduled intervals.
Since cron never exits, it should be executed only once. This is done routinely through /etc/rc2.d/S75cron at system boot time. The file /etc/cron.d/FIFO is used (among other things) as a lock file to prevent the execution of more than one instance of cron.
cron captures the output of the job's stdout and stderr streams, and, if it is non-empty, mails the output to the user. If the job does not produce output, no mail is sent to the user (unless the job is an at(1) job and the -m option was specified when the job was submitted).
To keep a log of all actions taken by cron, CRONLOG=YES (by default) must be specified in the /etc/default/cron file. If CRONLOG=NO is specified, no logging is done. Keeping the log is a user configurable option since cron usually creates huge log files.
The PATH for user cron jobs can be set using PATH= in /etc/default/cron. The PATH for root cron jobs can be set using SUPATH= in /etc/default/cron. The security implications of setting PATH and SUPATH should be carefully considered.
Example /etc/default/cron file:
This example enables logging and sets the default PATH used by non-root jobs to /usr/bin:/usr/ucb:. Root jobs will continue to use /usr/sbin:/usr/bin.
/etc/cron.d/logchecker is a script that checks to see if the log file has exceeded the system ulimit. If so, the log file is moved to /var/cron/olog.
The job directories /var/spool/cron/crontabs and /var/spool/cron/atjobs are multilevel directories (MLDs). The MLD job directory provides for the separation of job files at different sensitivity labels. Hence, there can be multiple crontab files for a single user within the crontabs directory, but each crontab file is at a different sensitivity label. In addition, a user can have multiple atjob files at different sensitivity labels.
Each crontab file in the crontabs MLD and each atjob file in the atjobs MLD has an ancillary file containing information used by cron to set up a job. The crontab ancillary files are named username.ad, and the atjobs ancillary files are name jobname.ad.
The clock daemon must be started with the root userid, must have the
PAF_TRUSTED_PATH process attribute, and it must inherit the following privileges:
If the clock daemon has the
PAF_PRIV_DEBUG process attribute, it passes the attribute on to the job to be executed. Because the daemon never has the
PAF_SELAGNT process attributes, these attributes will not be passed on to the job to be executed.
The clock daemon creates the /var/cron/log file at the
ADMIN_HIGH sensitivity label.
In the default Trusted Solaris environment, there are two pairs of crontab and its ancillary file for the root userid: one pair at the
ADMIN_HIGH sensitivity label, and the other pair at the
main cron directory
used as a lock file
contains cron default settings
cron history information
moves log file to /var/cron/olog if log file exceeds system ulimit.
queue description file for at, batch, and cron.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
A history of all actions taken by cron is stored in /var/cron/log and (possibly) /var/cron/olog.