Can symlinks be used in /etc/cron.d/?

cron symbolic-link configuration-management

I'm trying to implement a configuration mechanism that allows in a certain project to deploy through svn a cron configuration.

I immediately thougt that what I should do is cerate symlinks from /etc/cron.d/ to my project's cron file (which in turn is controlled by a vcs), but that seems to not be working.

I found some old forum messages referring that symlinks were not supported and other saying that they are. Which is it?

Is there anything else or any other good way to achieve this?


Solution 1:

According to man crond

CAVEATS

All crontab files have to be regular files or symlinks to regular files, they must not be executable or writable for anyone else but the owner. This requirement can be overridden by using the -p option on the crond command line. If inotify support is in use, changes in the symlinked crontabs are not automatically noticed by the cron daemon. The cron daemon must receive a SIGHUP signal to reload the crontabs. This is a limitation of the inotify API.

The syslog output will be used instead of mail, when sendmail is not installed.

It annoyed the living crap out of me as well, In short yes you can use symlinks however, if not a regular file or a symlink to a regular file, it must use -p switch.

Solution 2:

This has security implications. The scripts in /etc/cron.d/ are run by root with root privileges. It's a bad idea to symlink scripts there that are owned and writable for non-root users, since your system could be compromised that way

Solution 3:

I'd check the cron manpage for your version of Ubuntu (I assume we're talking Ubuntu on this forum!):

Files in this directory have to be owned by root, do not need to be executable (they are configuration files, just like /etc/crontab) and must conform to the same naming convention as used by run-parts(8): they must consist solely of upper- and lower-case letters, digits, underscores, and hyphens. This means that they cannot contain any dots.

As Florian points out, if this file is writable by non-root users, it's a security hole because the jobs will be run by root (for whoever is named as the job owner in the file). Also note, therefore, that

This directory can contain any file defining tasks following the format used in /etc/crontab, i.e. unlike the user cron spool, these files must provide the username to run the task as in the task definition.

i.e. pop the username in before the command to run.

Related

How to split .zip files and join them in Windows?
Share Desktop via Web Browser
how can I extract multiple gzip files in directory and subdirectories?
"System Policy prohibits use as a Hotspot" when trying to turn on WiFi hotspot (option grayed out)
Why do I need root privileges to umount a drive at the command line, but not in Nautilus? How to change that?
How to install autoconf
Static and crackling in my HDMI audio?
Nvidia API mismatch
touchpad two finger scroll too fast
How to extract first file from cbz files in one batch?
How to install Steam in 20.04 focal
Converting .mov for Davinci Resolve