I have set up a cron job and it ran as I expected; however, I am unable to determine whether it was executed by a regular user (rml5723 in this case) or by root. My intention was for it to run as root (notice the 's' bit set on the script); the script itself is owned by the regular user. As you can see from the cut/paste below from /var/adm/cron/log, its command was executed, but I am not able to determine who actually ran the script. I have been looking for documentation that might explain how to read this cron log but have been unable to find anything. Your help is greatly appreciated.
Even if they did, it wouldn't run a user-owned script as root, but as the user that owns it. Otherwise anyone could create a script that would run as root.
If you want something in crontab to be run as root, I suggest telling cron so by putting it in root's crontab. This has the advantage that you're not opening the door for anyone to run that script as root, you're only permitting cron to do it.
Thanks for your quick response. Our internal system admin policy is that we don't put application cron jobs in root's crontab; we separate them. Maybe I did not mention it earlier: I put this cron job in the regular user's (rml5723 in this case) crontab.
So if I provide this user sudo privs, I'd remove the 's' bit and then keep the job in its user's crontab, but how would I integrate the sudoers entries below with cron? It will need to run weekly.
The syntax in the sudoers file would be like
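# Host alias specification
Host_Alias SERVERS = abc124
# User alias specification (alias names must be upper case)
User_Alias DEVELOPER = rml5723
# Allow the alias to run this one command as root without a password
DEVELOPER SERVERS = (root) NOPASSWD: /home/rml5723/testcron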
#!/bin/sh
# run-parts: Runs all the scripts found in a directory.
# keep going when something fails
set +e
# ensure wild card matching
set +f
if [ x"$1" = x"-l" ]; then
    logfile=$2
    shift 2
fi
if [ $# -lt 1 ]; then
    echo "Usage: run-parts [-l logfile] <directory>"
    exit 1
fi
if [ ! -d "$1" ]; then
    echo "Not a directory: $1"
    exit 1
fi
umask 22
if [ -n "$logfile" ]; then
    # rotate if >10MB
    [ -f "$logfile" ] && find "$logfile" -size +20000 -exec mv "$logfile" "$logfile.old" \;
    exec >> "$logfile" 2>&1 || exit
fi
# an individual pause:
sleep `cksum /etc/hosts | awk '{print $1'\%'60}'`
# Main loop:
for SCRIPT in "$1"/* ; do
    # There are several types of files that we would like to
    # ignore automatically, as they are likely to be backups
    # of other scripts:
    case $SCRIPT in
        *.bak|*.new|*.old|*.orig|*.swp)
            continue # the loop
            ;;
        *[a-zA-Z0-9])
            # The last character is legal :-)
            ;;
        *)
            continue # the loop
            ;;
    esac
    # If we've made it this far, then run the script if it's executable:
    if [ -f "$SCRIPT" -a -x "$SCRIPT" ]; then
        echo "`date` run $SCRIPT":
        "$SCRIPT"
        echo
    fi
done
exit 0
Now add your executable script to /etc/cron.d/weekly, for weekly execution.
Its output is logged to /var/log/run-parts.log.
You can put more than one script in any of the hourly, daily, weekly, monthly directories.
It works like the /etc/cron.*ly/ in Linux.
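
Both the NOPASSWD sudoers entry for /home/rml5723/testcron and the run-parts directory result in files being executed as root, so each such file and every directory above it should be owned by root and writable by root only. The shell check below is an added example, not part of any post in this thread; the function names are hypothetical and the demo file is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Lists every path component the expected owner does not exclusively
# control; anyone who can write to a listed entry can change what sudo
# or a root-run run-parts ends up executing.

# node_is_trusted PATH UID: succeeds when PATH exists, is owned by UID
# and is not writable by group or other (POSIX find tests only).
node_is_trusted() {
    [ -e "$1" ] || return 1
    bad=$(find "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ]
}

# untrusted_components PATH [UID]: prints PATH and each parent directory
# up to / that fails node_is_trusted. UID defaults to 0 (root).
untrusted_components() {
    p=$1
    owner=${2:-0}
    case $p in
        /*) ;;
        *) echo "need an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        node_is_trusted "$p" "$owner" || printf '%s\n' "$p"
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
}

# Constructed demo: a stand-in for testcron in a temporary directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho weekly job\n' > "$demo_dir/testcron"
chmod 755 "$demo_dir/testcron"
echo "entries not under root's sole control:"
untrusted_components "$demo_dir/testcron" 0
rm -rf "$demo_dir"
```

Run untrusted_components against the path named in sudoers and against each script in the run-parts directory; empty output means every component is owned by root and closed to group and other writes.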