Windows Errors Cron Geek

The time-based scheduler cron(8) has been around since Unix version 7, and its crontab(5) syntax is familiar even to women and men who don’t like the system very much bankruptcy of Unix. It’s standardized, somewhat flexible, to help you with easy setup, and works reliably so it’s trusted by both application package users and many important task managers.

However, like many Unix tools before cron(8), simplicity has a problem: it depends on whether the user really knows certain details about how the software works. e. implements correctly other behavioral factors. security checks around concept. In particular, in all it’s about is to look at the work and complete it in an almost reasonable time frame and email the production. For the simple, unimportant duties of each user, this may be fine, but for larger system roles, it’s worth wrapping additional trivial infrastructure around it and the tasks it invokes.

There are several waysThe idea is to make cron(8) more reliable if you’re in a life situation where it’s desirable to keep track of all running tasks.cron(8) p>

Apply The Principle Of Least Privilege

The sixth blink of the crontab(5) system file is usually the name of the user running the task as:

0 6. * * * Encourage cron work

As long as it’s reliable, you should run the task in such a way that the user only works with the security features they need and little else. Sometimes it makes sense to do the following to create a separate course user for just the current features planned for your app.

0 * 2 . * * myappcron cron task

These are not just general reasons, although there are good reasons; They protect against malicious such as script errors when trying to delete files from full system directories.

Similarly, for task databases running systems such as MySQL, you should not be an administrator with root if you can avoid it. Instead, useYou can, even a dedicated user with a random unique password stored in the file ~/ with the necessary permissions. For example, a MySQL backup copy job should only require a few of your permissions, including SELECT, SHOW VIEW, LOCK TABLES and .

Of course, in some cases you must have root permissions. In particularly important contexts, you can even use sudo(8) with the confidential options NOPASSWD to allow the designated person to only assume the appropriate roles in root as and nothing else.

Test Specific Than Tasks

Before putting the task in a single crontab(5) file, you must test it on the command line, set up the user to run the target, and the appropriate environment. If you frequently run a task as root, use something like su or sudo -i to first get into the root shell with the expected full user environment. :

$ sudo -i -ough cruser
$ cron job

After the task is passed to the command line, it is placed in a file. crontab(5) with the ideal time to run the method after a few minutes, and where monitors /var/log/syslog with tail -f< /code> so you can verify that the task can actually run without errors and that the big enterprise itself completes successfully:

13:30:01 May yourhost CRON[20249]: (you) (cron job)

This command may seem tedious at first, but it quickly becomes a chore and saves you a lot of hassle down the road as it doesn't require you to make assumptions about all sorts of things around you. don't know what will cron(8) use. It's also an important stress test to make sure the experts think your crontab(5) file is well-formed compared to some cron(8) reject Stop downloading all the file for now, there is an error in one of the lines.

If necessary, you can set any reasonable environment variable for tasks to the new beginning * of the file:

MAVAR=my value

0 3 . * * your Cron

Not A Job, Ignore Errors And Realistic Results

Perhaps yoututorials around the world that use shell redirect operators to prevent their job from being sent to crontab(5) standard email messages and/or email messages Standard messages every few minutes Sends error messages at the end execution specifications to eliminate both known output and standard error. This trick is especially common for doing online development tasks by automating a command for a URL with curl(1) accompanied by wget(1):

*/5 * * * main https://example >/dev/null The 2>&1

Ignoring output completely is usually not a good idea, because unless you assign tasks to others or keep track of whether someone's work is being done, no one will notice (or know what they really are) the problems that the task generates errors that you actually control.

In the case of curl(1), there are too many problems at this stage that could go wrong for someone to notice too late:

  • File scriptma may fail and return a 450 error.
  • The URL for the cron.Php task might change and someone might forget to add an HTTP 301 redirect.
  • Even though the HTTP 301 redirect is built in, unless you use -L or --location for curl(1) , the situation will not change.
  • Client may be penalized, otherwise prevented by firewalls or unduly interfered with forex trading or manual processes if the personal identification number presents the request as spam.With HTTPS
  • at may lose connectivity, so the protocol is malformed or incompatible.A
  • The author has experienced all of the above events, sometimes very often.

    How useful it is to read the man page for the task being invoked and find ways to appropriately limit its output, allowing access to only the output you really need. In the case of curl(1) this is for example: means I found that the following pill works well:

    curl -o -flss /dev/null

  • -f: if the HTTP response is an error, they print an error, See the 404 page.
  • -L: If the redirect is http 301, you are trying to do it.
  • -sS: don't show progress bar for (-s stopping with -s also blocks error messages).
  • -o /dev/null Send: std (actual output of returned web page) to /dev/null.
  • So this request should be silent curl(1) when almost everything is in order, according to the old people's Unix philosophy.

    you can strongly disagree with some of the above options; you may find it wonderful, for example. to save full processing of the returned page, or actually fail instead of silently accepting some kind of 301 redirect or you can decide to use wget(1). The goal will probably be for you to take the time to study in more detail what each of the programs we named actually produce and under what circumstances, and let it compete with your requirements as much as possible, and not blindly reject all of it and results (more xalready) errors. Full work with the law Guess Murphy; nothing can go wrong here.

    Send The Result To The Right Place

    Another common error is when the appropriate launch of MAILTO is not defined for that particular crontab(5) file, depending on the destination output and errors. depending on tasks. cron(8) uses a layered messaging implementation to send its text messages and usually the default mail agent configuration by simply sending members to