UNIX System Administration Handbook - Evi Nemeth [104]
a. The default configuration routes cron-related messages to /var/cron/log.*.
If the allow file exists, then it contains a list of all users that may submit crontabs, one per line. Anyone not listed can’t invoke the crontab command. If the allow file doesn’t exist, then the deny file is checked. It, too, is just a list of users, but the meaning is reversed: everyone except the listed users is allowed access. If neither the allow file nor the deny file exists, only root can submit crontabs.
It’s important to note that access control is implemented by crontab, not by cron. If a user is able to sneak a crontab file into the appropriate directory by other means, cron will blindly execute the commands that it contains.
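An added example (not from the book): because cron itself performs no access check, an administrator can compare the contents of the crontab directory against the allow/deny rules described above and report files that crontab would never have installed. The function names, the assumption that each crontab file is named after its user, and the assumption that root may always hold a crontab are this example's own; the three paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: flag crontab files that the allow/deny rules would not
# have let the crontab command install. All paths are caller-supplied.

# user_permitted USER ALLOW_FILE DENY_FILE
# Exit status 0 if the rules permit USER to submit a crontab.
user_permitted() {
    user=$1 allow=$2 deny=$3
    # Assumption: root may always hold a crontab.
    [ "$user" = root ] && return 0
    if [ -f "$allow" ]; then
        # allow file exists: only listed users are permitted
        grep -qxF -- "$user" "$allow"
    elif [ -f "$deny" ]; then
        # no allow file: everyone except listed users is permitted
        ! grep -qxF -- "$user" "$deny"
    else
        # neither file exists: only root
        return 1
    fi
}

# audit_spool SPOOL_DIR ALLOW_FILE DENY_FILE
# Prints "UNEXPECTED <name>" for each crontab file whose name is not a
# permitted user (assumption: one file per user, named after the user).
audit_spool() {
    spool=$1
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        user_permitted "$name" "$2" "$3" || echo "UNEXPECTED $name"
    done
}

# Example call (placeholder paths; substitute your system's locations):
#   audit_spool /path/to/crontab/dir /path/to/allow /path/to/deny
```

Any line of output means a crontab is present that did not get there through the crontab command under the current rules, which is worth investigating before cron next runs it.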
9.4 SOME COMMON USES FOR CRON
A number of standard tasks are especially suited for invocation by cron, and these usually make up the bulk of the material in root’s crontab. In this section we’ll look at a variety of such tasks and the crontab lines used to implement them.
UNIX systems often come with some crontab entries preinstalled for you. If you want to deactivate the standard entries, comment them out by inserting a pound sign (#) at the beginning of each line. Don’t delete them completely; you might want to refer to them later.
Cleaning the filesystem
Some of the files on any UNIX system are worthless junk (no, not the system files). For example, whenever a program crashes, the kernel writes out a file that contains an image of the program’s address space. These files used to be named core, but some systems now include the program name or PID in the name of the core file (for example, netscape.core or core.7288).
Core files are useful for software developers, but for administrators they are usually a waste of space. Users often don’t know about core files, so they tend not to delete them on their own.
NFS is another source of extra files. Because NFS servers are stateless, they have to use a special convention to preserve files that have been deleted locally but are still in use by a remote machine. Most implementations rename such files to .nfsxxx where xxx is a number. Various situations can result in these files being forgotten and left around after they are supposed to have been deleted.
NFS, the Network File System, is described in Chapter 17.
Many programs create temporary files in /tmp or /var/tmp that aren’t erased for one reason or another. Some programs, especially editors, like to make backup copies of each file they work with.
A partial solution to the junk file problem is to institute some sort of nightly disk space reclamation out of cron. Modern systems usually come with something of this sort set up for you, but it’s a good idea to review your system’s default behavior to make sure it’s appropriate for your situation. Below are several common idioms implemented with the find command.
find / -xdev -name core -atime +7 -exec rm -f {} ';'
This command removes core images that have not been accessed in a week. The -xdev argument makes sure that find won’t cross over to filesystems other than the root; this restraint is important on networks where many filesystems may be cross-mounted.
If you want to clean up more than one filesystem, use a separate command for each (note that /var is often a separate filesystem).
find / -xdev -atime +3 '(' -name '#*' -o -name '.#*' -o -name '*.CKP' -o \
    -name '*~' -o -name '.nfs*' ')' -exec rm -f {} ';'
This command deletes files that begin with # or .# or .nfs, or end with ~ or .CKP, and that have not been accessed in three days. These patterns are typical of various sorts of temporary and editor backup files.
find /var/preserve -mtime +14 -exec rm -f {} ';'
This command removes files in /var/preserve two weeks after they were last modified. This directory is used by vi to store copies of files that users were editing when the system crashed. These files are never removed unless they are claimed by their owners with vi -r filename.
cd /tmp; find . ! -name . ! -name lost+found