The time-based scheduler cron(8) has been around since Version 7 Unix, and its crontab(5) syntax is familiar even to people who don't do much Unix system administration. It's standardized, reasonably flexible, easy to set up, and works reliably, so it's trusted by both system packages and users to manage many important tasks.
However, as with many older Unix tools, the simplicity of cron(8) has a drawback: it relies on the user knowing certain details of how it works, and on the user correctly implementing any other safety-checking behavior around it. In particular, all it does is try to run the job at an appropriate time and email the output. For simple, unimportant per-user jobs this may be fine, but for more important system tasks it's worth wrapping a little extra infrastructure around it and the tasks it invokes.
There are several ways to make your use of cron(8) more reliable if you're in a situation where it's desirable to keep track of all running tasks.
Apply The Principle Of Least Privilege
The sixth field of a system crontab(5) file is usually the name of the user to run the task as:
    0 6 * * * root cron-task
As far as is practical, you should run the task as a user with only the privileges it needs and little else. Sometimes it makes sense to create a separate dedicated user just for the scheduled tasks of your app:
    0 * 2 * * myappcron cron-task
This is not just for security reasons, although those are good reasons; it also protects against nasty accidents such as script errors that try to delete files from entire system directories.
Similarly, for tasks that work with database systems such as MySQL, you should not use the administrative root user if you can avoid it. Instead, use, or even create, a dedicated user with a unique random password stored in a locked-down ~/.my.cnf file, with only the necessary permissions. For example, a MySQL backup job should only require a few permissions, including LOCK TABLES.
Of course, in some cases you really must have root permissions. In particularly sensitive contexts, you can even use sudo(8) with suitable NOPASSWD options to allow the dedicated user to run only the appropriate tasks as root and nothing else.
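To find the jobs this section applies to, the following added example (not part of the original article) lists the user field of every job in a system crontab and picks out the ones that run as root. The function names and the sample file are constructed for illustration, and the /etc/crontab layout is assumed.

```sh
#!/bin/sh
# Added example: report the account each job in a system crontab runs as.
# Assumes the /etc/crontab layout: five time fields (or one @nickname),
# then the user, then the command.

crontab_users() {
    # Prints "<user> <command>" for every job line in the file named by $1.
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # comment or blank line
        $1 !~ /^[0-9*@]/      { next }      # VAR=value line, not a job
        {
            u = ($1 ~ /^@/) ? 2 : 6         # @daily etc. stand in for 5 fields
            if (NF <= u) next               # malformed: no command after user
            cmd = $(u + 1)
            for (i = u + 2; i <= NF; i++) cmd = cmd " " $i
            print $u, cmd
        }
    ' "$1"
}

root_jobs() {
    # The jobs to justify or move to a dedicated account.
    crontab_users "$1" | awk '$1 == "root"'
}

# Constructed sample file, not taken from a real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# m h dom mon dow user command
MAILTO=ops@example.com
0 6 * * *   root       cron-task
0 * 2 * *   myappcron  cron-task
@daily      root       rotate-logs --all
EOF

root_jobs "$sample"
```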
Test The Tasks
Before putting a task in a crontab(5) file, you should test it on the command line, as the user set up to run the task and with the appropriate environment. If you run a task as root, use something like sudo -i to first get a root shell with the user's expected full environment:
    $ sudo -i -u cronuser
    $ cron-task
Once the task works on the command line, place it in the crontab(5) file with the timing set to run it a few minutes later, and then watch /var/log/syslog with tail -f so you can verify that the task actually runs without errors and that the task itself completes successfully:
    May 13:30:01 yourhost CRON: (you) (cron-task)
This may seem tedious at first, but it quickly becomes routine, and it saves you a lot of hassle down the road, because it's easy to make assumptions about your environment that don't hold in the one cron(8) will use. It's also an important acid test that your crontab(5) file is well-formed, as some implementations of cron(8) refuse to load the whole file if there is an error in one of the lines.
If necessary, you can set any reasonable environment variable for the tasks at the top of the file:
    MYVAR=myvalue
    0 3 * * * you cron-task
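One way to catch an environment assumption before the job reaches the crontab is to run it with roughly what cron(8) provides. This is an added example, not part of the original article; run_like_cron is a hypothetical helper, and the variable values are typical Vixie-style defaults that may differ on your system (check crontab(5)).

```sh
#!/bin/sh
# Added example: run a command with roughly the environment cron(8) gives it.
# Assumption: SHELL=/bin/sh and PATH=/usr/bin:/bin, with HOME and LOGNAME
# taken from the account. Your cron implementation may use other values.

run_like_cron() {
    # $1: the command line exactly as it would appear in the crontab.
    # env -i drops every variable of the calling shell; stdin is not a terminal.
    env -i \
        HOME="${HOME:-/}" \
        LOGNAME="${LOGNAME:-$(id -un)}" \
        PATH=/usr/bin:/bin \
        SHELL=/bin/sh \
        /bin/sh -c "$1" </dev/null
}

# A job that silently depends on a variable from the interactive session.
BACKUP_DIR=/srv/backups        # constructed value, set only in this shell
export BACKUP_DIR
job='echo "writing to ${BACKUP_DIR:?BACKUP_DIR is not set}"'

sh -c "$job"                   # works when run from the login shell
run_like_cron "$job" || echo "job failed under the cron-like environment: $?"
```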
Do Not Ignore Errors And Useful Output
Perhaps you have seen tutorials around the web that, to prevent a crontab(5) job from sending standard output and/or standard error emails every few minutes, put shell redirection operators at the end of the job specification to discard both standard output and standard error. This trick is especially common for web development tasks that automate a request to a URL with curl(1):
    */5 * * * * root curl https://example.com/cron.php >/dev/null 2>&1
Ignoring output completely is usually not a good idea, because unless you have other tasks or monitoring that check the job is doing its work, no one will notice problems (or know what they are) when the job emits output or errors that you actually care about.
In the case of curl(1), there are too many things that could go wrong and that someone might notice too late:
The cron.php task might change and someone might forget to add an HTTP 301 redirect.
curl(1), the situation will not change.
The author has experienced all of the above events, sometimes very often.
It is worth reading the man page for the task being invoked and finding ways to limit its output appropriately, so that it emits only the output you really need. In the case of curl(1), for example, I found that the following formula works well:
    curl -fLsS -o /dev/null http://example.com/
-f: If the HTTP response is an error, print an error message rather than the 404 page.
-L: If there is an HTTP 301 redirect, try to follow it.
-sS: Don't show the progress meter (-S stops -s from also blocking error messages).
-o /dev/null: Send the standard output (the actual content of the returned web page) to /dev/null.
So the curl(1) request should stay silent when everything is in order, in keeping with the old Unix philosophy.
You may well disagree with some of the choices above; you may find it important, for example, to save the full content of the returned page, or to actually fail instead of silently accepting a 301 redirect, or you may decide to use wget(1). The point is that you take the time to understand in more detail what the programs you call actually produce and under what circumstances, and make that match your requirements as closely as possible, rather than blindly discarding all of the output and (worse) the errors. Work with Murphy's law; assume that anything that can go wrong will.
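The same rule, quiet when all is well and loud when it is not, can be applied to a job that has no flags like curl's. The following added example (not part of the original article) goes beyond the curl(1) case: quiet_unless_failed is a hypothetical helper, and the two jobs are constructed stand-ins.

```sh
#!/bin/sh
# Added example: keep a cron job silent on success without discarding errors.
# quiet_unless_failed is a hypothetical helper name, not a standard tool.

quiet_unless_failed() {
    # Run "$@", holding stdout and stderr in a temporary file.
    # Exit 0: print nothing, so cron(8) has no output to mail.
    # Non-zero: replay everything captured and keep the exit status,
    # so the mail carries the evidence.
    # (POSIX sh has no local variables; log and status are plain globals.)
    log=$(mktemp) || return 1
    status=0
    "$@" >"$log" 2>&1 || status=$?
    if [ "$status" -ne 0 ]; then
        printf 'FAILED (exit %s): %s\n' "$status" "$*"
        cat "$log"
    fi
    rm -f "$log"
    return "$status"
}

# Constructed stand-ins for a job on a good day and on a bad day.
good_job() { echo "processed 42 records"; }
bad_job()  { echo "processed 3 records"; echo "disk full" >&2; return 28; }

quiet_unless_failed good_job          # prints nothing
quiet_unless_failed bad_job || true   # prints the header and both lines
```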
Send The Result To The Right Place
Another common error is not defining an appropriate MAILTO for the crontab(5) file as the destination for output and errors from the tasks.
cron(8) uses the system's mail implementation to send its messages, and the default mail agent configuration usually just sends them to