Showing results for 
Search instead for 
Do you mean 

Crons

Occasional Visitor

Crons

I am a blossoming Jr SYSADM in the field of HP-UX. I currently am in part
charge of two HP 9000's (K-260), and K-200). I know how to set up crons to
display date, time, to do backups and so forth. I am trying to run a cron for a
specific user and on my system it says that my security could be breached if
crons were allowed to be run under the users profile. I have already tried
builing restricted SAM for the user and that didnt work. Can this be done? I
mean is it possible? If you have any thoughts or ideas please e-mail me.
THX!!!!!!
9 REPLIES
Occasional Visitor

Re: Crons

If it is a one time deal set the job up as a root cron. If it needs to be run
as the user set up a script that you 'su - {username} -c {script name}'. This
will allow you to control the use of cron but to allow the files to run as
other users.

You may also want to look into using the 'at' command.

Hope this helps
Occasional Visitor

Re: Crons

Check the man page for 'crontab'. You can allow users to run cron jobs using
entries in /var/adm/cron/cron.allow. You can also restrict users with entries
in /var/adm/cron/cron.deny.

Regards,
Mark
Occasional Visitor

Re: Crons

try to add the user to the file /var/adm/cron/cron.allow
Occasional Visitor

Re: Crons

Add users name to cron.allow
vi /var/adm/cron/cron.allow

Hope this helps,
Ed
Occasional Visitor

Re: Crons

I am not sure if what you are trying to do requires you to run the job under
the users profile. One thing you could do is use root's crontab and setup the
job to su to the user and execute whatever needs to be executed and then exit
the shell. Hope this helps you...
Occasional Visitor

Re: Crons

Have you tried su - then crontab -e to create the cron file for
that user?

Occasional Visitor

Re: Crons

Its really a case of do you trust them? and by how much !

Personally, I wouldn't let a user run a cron job other than under their own
uid. Security hacks can involve set uid
where user hijacks a higher uid (e.g. root)
I may offer to run a cron job for them and output the result to their user
account, after carefully looking at their script to see if it compromises
security.
You don't want to run a job and find out their script listed
out valuable tables !!
Take a look at ACL (Access Control Lists), they may help.
If you're talking database tables then I'm lost.
Difficult to offer a general solution ...... good luck.
Occasional Advisor

Re: Crons

Anthony

Maybe give us a bit more detail (that is if your problem still
exists): what does this guy/user want to execute from cron?
Isn't it perhaps a command restricted for use by root?
Occasional Visitor

Re: Crons

add the user to /var/adm/cron/at.allow AND /var/adm/cron/cron.allow. Using
TextEditor or vi

Then login as that person (or root) and setup the cronjob.