Secure Cron Permissions and Ownerships for Ubuntu Linux

Cron is a job scheduler used to run commands, jobs or scripts automatically at specific intervals, fixed times or dates.

Enable or start cron service

systemctl --now enable cron

To verify that it is enabled, use these commands:

systemctl is-enabled cron
systemctl status cron

Sample Output:
tux@freelinux:~$ systemctl is-enabled cron
enabled

tux@freelinux:~$ systemctl status cron
● cron.service - Regular background program processing daemon
Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-09-12 20:12:40 +08; 3 weeks 5 days ago
Docs: man:cron(8)
Main PID: 2069 (cron)
CGroup: /system.slice/cron.service
└─2069 /usr/sbin/cron -f

Here are the recommended ownerships and permissions:

  1. /etc/crontab  (contains what jobs are run by cron)
    uid: 0
    gid: 0
    permission: 0600 or -rw-------

To set this:

chown root:root /etc/crontab
chmod og-rwx /etc/crontab

To verify:

stat /etc/crontab

Sample Output:
tux@freelinux:~$ stat /etc/crontab
File: ‘/etc/crontab’
Size: 722 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 51380368 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2021-09-12 20:12:40.819458570 +0800
Modify: 2013-02-09 15:02:20.000000000 +0800
Change: 2017-02-28 08:31:28.792558208 +0800

2. /etc/cron.hourly (directory that contains jobs that need to run hourly)
uid: 0
gid: 0
permission: 0700 or drwx------

To set this:

chown root:root /etc/cron.hourly/
chmod og-rwx /etc/cron.hourly

To verify:

stat /etc/cron.hourly/

Sample Output:
tux@freelinux:~$ stat /etc/cron.hourly/
File: ‘/etc/cron.hourly/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 51380361 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

3. /etc/cron.daily (directory that contains jobs that need to run daily)
uid: 0
gid: 0
permission: 0700 or drwx------

To set this:

chown root:root /etc/cron.daily/
chmod og-rwx /etc/cron.daily/

To verify:

stat /etc/cron.daily/

Sample Output:
tux@freelinux:~$ stat /etc/cron.daily/
File: ‘/etc/cron.daily/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 51380354 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

4. /etc/cron.weekly (directory that contains jobs that need to run weekly)
uid: 0
gid: 0
permission: 0700 or drwx------

To set this:

chown root:root /etc/cron.weekly/
chmod og-rwx /etc/cron.weekly/

To verify:

stat /etc/cron.weekly/

Sample Output:
tux@freelinux:~$ stat /etc/cron.weekly/
File: ‘/etc/cron.weekly/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 51380354 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

5. /etc/cron.monthly (directory that contains jobs that need to run monthly)
uid: 0
gid: 0
permission: 0700 or drwx------

To set this:

chown root:root /etc/cron.monthly/
chmod og-rwx /etc/cron.monthly/

To verify:

stat /etc/cron.monthly/

Sample Output:
tux@freelinux:~$ stat /etc/cron.monthly/
File: ‘/etc/cron.monthly/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 51380354 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

6. /etc/cron.d/ (directory that contains jobs that need detailed control over when they run; it is usually used by system packages)
uid: 0
gid: 0
permission: 0700 or drwx------

List all the jobs under this directory:

ls /etc/cron.d/

My sample jobs under this directory
tux@freelinux:~$ ls /etc/cron.d/
anacron cacti php php5 popularity-contest tuptime

To set this:

chown root:root /etc/cron.d/
chmod og-rwx /etc/cron.d/

To verify:

stat /etc/cron.d/

Sample Output:
tux@freelinux:~$ stat /etc/cron.d/
File: ‘/etc/cron.d/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 51380352 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

7. /etc/cron.allow (this allows specific users to use the service; it controls access to crontab for scheduling/modifying jobs)
uid: 0
gid: 0
permission: 0640 or -rw-r-----

To set this:

chmod g-wx,o-rwx /etc/cron.allow
chown root:root /etc/cron.allow

To verify:

stat /etc/cron.allow

8. /etc/cron.deny (this denies specific users use of the service; it controls access to crontab for scheduling/modifying jobs)
uid: 0
gid: 0
permission: 0640 or -rw-r-----

To set this:

chmod g-wx,o-rwx /etc/cron.deny
chown root:root /etc/cron.deny

To verify:

stat /etc/cron.deny
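
The eight checks above, combined into one audit script (an added example, not part of the original post). It flags any group/other permission bit on /etc/crontab and the cron directories, and anything beyond group-read on cron.allow and cron.deny, matching the chmod commands above; the function names and the EXPECT_UID/EXPECT_GID variables are this example's own, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: audit cron paths against the ownership and modes recommended above.
# EXPECT_UID/EXPECT_GID are this example's own knobs (default 0 = root), so the
# check can also be exercised on scratch files by a non-root user.
EXPECT_UID="${EXPECT_UID:-0}"
EXPECT_GID="${EXPECT_GID:-0}"

# check_cron_path PATH FORBIDDEN_MASK
# Returns 0 if PATH has the expected owner and none of the forbidden mode bits,
# 1 on a finding, 2 if PATH does not exist (cron.allow/cron.deny are optional).
check_cron_path() {
    path=$1
    mask=$2
    [ -e "$path" ] || { echo "SKIP $path (not present)"; return 2; }
    # GNU stat format: %u = owner uid, %g = group gid, %a = octal mode
    set -- $(stat -c '%u %g %a' "$path")
    uid=$1 gid=$2 mode=$3
    rc=0
    if [ "$uid" != "$EXPECT_UID" ] || [ "$gid" != "$EXPECT_GID" ]; then
        echo "FAIL $path owner $uid:$gid, expected $EXPECT_UID:$EXPECT_GID"
        rc=1
    fi
    # A leading 0 makes the shell read both numbers as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path mode $mode sets bits in forbidden mask $mask"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $path ($uid:$gid $mode)"
    return "$rc"
}

# 077: no group/other access at all (chmod og-rwx).
# 037: group may read, nothing else (chmod g-wx,o-rwx).
audit_cron_paths() {
    findings=0
    for entry in /etc/crontab:077 /etc/cron.hourly:077 /etc/cron.daily:077 \
                 /etc/cron.weekly:077 /etc/cron.monthly:077 /etc/cron.d:077 \
                 /etc/cron.allow:037 /etc/cron.deny:037; do
        st=0
        check_cron_path "${entry%:*}" "${entry#*:}" || st=$?
        if [ "$st" -eq 1 ]; then findings=$((findings + 1)); fi
    done
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Run the audit only when asked: sh cron_audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_cron_paths; fi
```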

Conditions:
* If cron.allow exists -> only users listed in it are allowed to use cron
* If cron.allow does not exist -> all users except those listed in cron.deny can use cron
* If a user is listed in both cron.allow and cron.deny -> that user can use cron
* If neither cron.allow nor cron.deny exists -> only root can use cron

To allow crontab access to a specific user, add the user to /etc/cron.allow
To deny crontab access to a specific user, add the user to /etc/cron.deny

Use either a text editor like vi or echo:

echo "user1" > /etc/cron.allow
echo "user2" >> /etc/cron.allow

Verify by having the user create an entry in crontab:

su - user1
crontab -e

About the author

Free Linux
