I'm doing another server services decommissioning, and part of the decommissioning plan is: Removing application and all related scripts from related machines (FTP, RSYNC, …). In the project documentation I found a list of cron-enabled shell scripts:
#Cron tab excerpt:
1,11,21,31,41,51 * * * * /webservices/tools/scripts/rsync_portal_sync.sh
that has to be deleted; however, nowhere was it mentioned under what credentials (as which user) the cron scripts are running. Hence I had to look up all users that have cron jobs and check inside each user's cron jobs whether the respective script is set to run. Here I will briefly explain how I did that.
By default cron jobs are set up from a few locations, depending on their run-time schedule. The first place I checked for the scripts is
/etc/crontab
# cat /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
-*/15 * * * * root test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1
59 * * * * root rm -f /var/spool/cron/lastrun/cron.hourly
14 4 * * * root rm -f /var/spool/cron/lastrun/cron.daily
29 4 * * 6 root rm -f /var/spool/cron/lastrun/cron.weekly
44 4 1 * * root rm -f /var/spool/cron/lastrun/cron.monthly
I was not really sure under which user the shell script is run, so I first checked whether someone had set the script to run via cron's standard locations for daily, hourly, weekly and monthly cron jobs:
a) Daily set cron jobs are in:
/etc/cron.daily/
b) Hourly set cron jobs:
/etc/cron.hourly
c) Weekly cron jobs are in:
/etc/cron.weekly/
d) Monthly cron jobs:
/etc/cron.monthly
There is also a location read by cron for all software (package distribution) specific cron jobs, all run under root user privileges:
e) Software specific script cron jobs are in:
/etc/cron.d/
As the system has about 327 users in /etc/passwd, checking each user's cron jobs manually with:
# crontab -u UserName -l
was too time consuming, so it is good practice to list the
/var/spool/cron/*
directory and see which users have cron jobs defined:
# ls -al /var/spool/cron/*
-rw------- 1 root root 11 2007-07-09 17:08 /var/spool/cron/deny

/var/spool/cron/lastrun:
total 0
drwxr-xr-x 2 root root 80 2014-05-22 11:15 .
drwx------ 4 root root 120 2008-02-25 15:45 ..
-rw-r--r-- 1 root root 0 2014-05-22 04:15 cron.daily

/var/spool/cron/tabs:
total 8
drwx------ 2 root root 72 2014-04-03 03:43 .
drwx------ 4 root root 120 2008-02-25 15:45 ..
-rw------- 1 root root 4901 2014-04-03 03:43 root
/var/spool/cron is the spool directory of crond (/usr/bin/cron/).
# ls -al /var/spool/cron/tabs/
total 8
drwx------ 2 root root 72 2014-04-03 03:43 .
drwx------ 4 root root 120 2008-02-25 15:45 ..
-rw------- 1 root root 4901 2014-04-03 03:43 root
The above output shows that only the root superuser has cron jobs defined.
An alternative way to check all user crontabs is a quick Linux one-liner shell script that shows all users' cron jobs:
# Walk every account in /etc/passwd and print its crontab
for i in $(cut -d: -f1 /etc/passwd); do
echo "user $i --- crontab ---";
# keep the crontab on stdout, hide "no crontab for user" errors
crontab -u "$i" -l 2>/dev/null;
echo '----------';
done|less
Note that the above short script has to be run as the root user. Enjoy 🙂
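For a decommissioning check, the whole search over the locations listed above can be scripted so that it answers directly which account runs a given script. This is an added example, not part of the original post: the function names, the sample tree and the accounts "portal" and "ftpsync" are constructed, and /var/spool/cron/crontabs and plain /var/spool/cron are spool paths used by other distributions in addition to the /var/spool/cron/tabs shown here.

```shell
#!/bin/sh
# Usage: sh cronrefs.sh ROOT PATTERN  (ROOT is / on a live host, run as root)
# Output: owner<TAB>file<TAB>matching line
find_cron_refs() {
    root=${1%/}; pat=$2
    # System crontabs name the account in field 6 (field 2 on @reboot-style lines).
    for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v f="$f" -v p="$pat" '!/^[ \t]*#/ && index($0, p) {
            printf "%s\t%s\t%s\n", ($1 ~ /^@/ ? $2 : $6), f, $0 }' "$f"
    done
    # Per-user spool files are named after the owning account.
    for f in "$root"/var/spool/cron/tabs/* "$root"/var/spool/cron/crontabs/* \
             "$root"/var/spool/cron/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v f="$f" -v u="${f##*/}" -v p="$pat" '!/^[ \t]*#/ && index($0, p) {
            printf "%s\t%s\t%s\n", u, f, $0 }' "$f"
    done
    # Periodic directories: run as root via the run-crons entry in /etc/crontab.
    for f in "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/* \
             "$root"/etc/cron.weekly/* "$root"/etc/cron.monthly/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v f="$f" -v p="$pat" '!/^[ \t]*#/ && index($0, p) {
            printf "root\t%s\t%s\n", f, $0 }' "$f"
    done
    return 0
}

# Constructed sample tree (accounts "portal" and "ftpsync" are made up).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    s=/webservices/tools/scripts/rsync_portal_sync.sh
    mkdir -p "$t/etc/cron.d" "$t/etc/cron.daily" "$t/var/spool/cron/tabs"
    printf '%s\n' "-*/15 * * * * root test -x /usr/lib/cron/run-crons" > "$t/etc/crontab"
    echo "# */5 * * * * root $s" > "$t/etc/cron.d/portal-old"
    echo "@reboot portal $s" >> "$t/etc/cron.d/portal-old"
    echo "1,11,21,31,41,51 * * * * $s" > "$t/var/spool/cron/tabs/ftpsync"
    echo "0 3 * * * /usr/bin/true" > "$t/var/spool/cron/tabs/root"
    printf '#!/bin/sh\n%s --full\n' "$s" > "$t/etc/cron.daily/portal-full"
    echo "$t"
}

if [ "$#" -eq 2 ]; then
    find_cron_refs "$1" "$2"        # live host
else
    demo=$(make_sample_tree) || exit 1
    find_cron_refs "$demo" rsync_portal_sync.sh
    rm -rf "$demo"
fi
```

Commented-out entries are skipped, so a disabled line left behind in a crontab is not reported as a live reference.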