Can symlinks be used in /etc/cron.d/?
I'm trying to implement a configuration mechanism that allows in a certain project to deploy through svn a cron configuration.
I immediately thougt that what I should do is cerate symlinks from /etc/cron.d/ to my project's cron file (which in turn is controlled by a vcs), but that seems to not be working.
I found some old forum messages referring that symlinks were not supported and other saying that they are. Which is it?
Is there anything else or any other good way to achieve this?
Solution 1:
According to man crond
CAVEATS
All crontab files have to be regular files or symlinks to regular files, they must not be executable or writable for anyone else but the owner. This requirement can be overridden by using the -p option on the crond command line. If inotify support is in use, changes in the symlinked crontabs are not automatically noticed by the cron daemon. The cron daemon must receive a SIGHUP signal to reload the crontabs. This is a limitation of the inotify API.
The syslog output will be used instead of mail, when sendmail is not installed.
It annoyed the living crap out of me as well, In short yes you can use symlinks however, if not a regular file or a symlink to a regular file, it must use -p
switch.
Solution 2:
This has security implications. The scripts in /etc/cron.d/ are run by root with root privileges. It's a bad idea to symlink scripts there that are owned and writable for non-root users, since your system could be compromised that way
Solution 3:
I'd check the cron manpage for your version of Ubuntu (I assume we're talking Ubuntu on this forum!):
Files in this directory have to be owned by root, do not need to be executable (they are configuration files, just like /etc/crontab) and must conform to the same naming convention as used by run-parts(8): they must consist solely of upper- and lower-case letters, digits, underscores, and hyphens. This means that they cannot contain any dots.
As Florian points out, if this file is writable by non-root users, it's a security hole because the jobs will be run by root (for whoever is named as the job owner in the file). Also note, therefore, that
This directory can contain any file defining tasks following the format used in /etc/crontab, i.e. unlike the user cron spool, these files must provide the username to run the task as in the task definition.
i.e. pop the username in before the command to run.