Check when user exits SUDO

Hello to everyone,

I'm new here and would like to thank everybody for the upcoming support, I know that I will have my question answered here, this community is huge.

First of all, I�m a DBA and work on a daily basis on Unix environments of all kinds (HP-UX, Solaris, AIX, etc). I have low knowledge on UNIX since I started messing with it for a short while.

Although I'm a DBA, I'm very curious to learn UNIX and Linux, because I used Windows for my entire life, now that I was introduced to UNIX I'm finding it awesome.

I have a question that you might help me with it:

For example, I have my username and password on all UNIX environments that we work, and to do DBA tasks, we must "sudo su - oracle" (to gain access to oracle user permissions), to do things related to oracle binaries.

What I'm trying to accomplish is, when we got our oracle crontab altered, when I do the first "exit" command (to exit sudo of oracle), I want to check that something is changed on the cron (like a commented line) and give me a warning message.

For example:

I'm logged into Oracle user by sudo'ing it. I edit the crontab (crontab -e), I put a # to comment a line on the cron then save it (we usually to this to avoid jobs running and erroring due to maintenance window). When I log out of Oracle by issuing "Exit", is there any way to display something like this:

"There is a commented job on your crontab, please check".

Well, of course my script will not have a history of the cron and will not do analysis of what actually is the current job commented. But only check for a special character (like #) or if something changed since the last login to oracle user.

Is that possible? I have little to almost none knowledge of shell scripting, so a patient explanation might be necessary.

Thank you very much for your support.

Checking for commented line in crontab shouldn't be hard. The only thing is it might be achieved in different ways, depending on your environment. What shell are you using when logged into oracle user? Check it with grep oracle /etc/passwd (last column).

Hi Bartus,

I did a quick check on our servers and they are all running ksh.

Add this line to $ORACLE_USER_HOME/.kshrc :

alias exit='crontab -l | grep ^# > /dev/null && echo "There is a commented job on your crontab, please check"; exit'

Wow!

Thanks a lot Bartus, I'll give it a try and post here the results.

Bartus, I did not find the .kshrc file in my environment, but we use a .profile to load environments variables and I added your string there... It worked like a charm.

I have one more question:

Is there a way to filter the second character too? Like this:

If the second char is a number or an asterisk, show message, if any other char, does not show.

I was thinking of AWK to do this, but I'm not sure.

Try:

alias exit='crontab -l | grep "^#[0-9*]" > /dev/null && echo "There is a commented job on your crontab, please check"; exit'

It worked!!!

Thank you very much bartus

Hello again,

As I learned how to check for a specific string in cron, I'm going deeper with my "pseudo script" to add some error handling to it.

I wanna know, if by any means, if I can make a verification that the crontab has changed in, for example, 10 hours.

What I'm trying to accomplish here is something like this:

Load the shell script from .profile

Then do something like this:

If crontab has changed in the last "10" hours
do (run the check bartus sent)
else
do nothing.

What came to my attention, is that sometimes there are purposely commented jobs, If I only add the verification from before to my .profile it will always came up with the message that something is commented out.

If I could manage to check for the cron file date (of modification) and do some kind of comparison, that would help filtering old commented jobs.

Thanks a lot.