8.2 Configuring cron Jobs

8.2.1 Controlling Access to Running cron Jobs

System cron jobs are defined in crontab-format files in /etc/crontab or in files in /etc/cron.d. A crontab file usually consists of definitions for the SHELL, PATH, MAILTO, and HOME variables for the environment in which the jobs run, followed by the job definitions themselves. Comment lines start with a # character. Job definitions are specified in the following format:

minute  hour  day  month  day-of-week  user  command

where the fields are:








1-12 or jan, feb,..., dec.


0-7 (Sunday is 0 or 7) or sun, mon,...,sat.


The user to run the command as, or * for the owner of the crontab file.


The shell script or command to be run.

For the minute through day-of week fields, you can use the following special characters:


(asterisk) All valid values for the field.


(dash) A range of integers, for example, 1-5.


(comma) A list of values, for example, 0,2,4.


(forward slash) A step value, for example, /3 in the hour field means every three hours.

For example, the following entry would run a command every five minutes on weekdays:

0-59/5  *  *  *  1-5  *  command

Run a command at one minute past midnight on the first day of the months April, June, September, and November:

1  0  1  4,6,9,11  *  *  command

root can add job definition entries to /etc/crontab, or add crontab-format files to the /etc/cron.d directory.


If you add an executable job script to the /etc/cron.hourly directory, crond runs the script once every hour. Your script should check that it is not already running.

For more information, see the crontab(5) manual page.

8.2.1 Controlling Access to Running cron Jobs

If permitted, users other than root can configure cron tasks by using the crontab utility. All user-defined crontab-format files are stored in the /var/spool/cron directory with the same name as the users that created them.

root can use the /etc/cron.allow and /etc/cron.deny files to restrict access to cron. crontab checks the access control files each time that a user tries to add or delete a cron job. If /etc/cron.allow exists, only users listed in it are allowed to use cron, and /etc/cron.deny is ignored. If /etc/cron.allow does not exist, users listed in /etc/cron.deny are not allowed to use cron. If neither file exists, only root can use cron. The format of both /etc/cron.allow and /etc/cron.deny is one user name on each line.

To create or edit a crontab file as a user, log in as that user and type the command crontab –e, which opens your crontab file in the vi editor (or the editor specified by the EDITOR or VISUAL environment variables). The file has the same format as /etc/crontab except that the user field is omitted. When you save changes to the file, these are written to the file /var/spool/cron/username. To list the contents of your crontab file, use the crontab –l command. To delete your crontab file, use the crontab -r command.

For more information, see the crontab(1) manual page.