crontab and chmod/chgrp/chown

Hi,

As far as i remember crontab you have to specify how often you want it to be run - eg. use:

*/5 * * * * <commands>

To have it running every 5 minutes - try this in stead...

/Martin

Several things: If you need to be changing permissions via a cron job, there may be a better way to resolve the situation.

Next: what do you mean by cd ~admin ?
Do you mean ~/admin ?
cd ~ will take you to the home directory of the user you are working as.

Then: for a string of commands, you should create a script, make sure it is write-able by root only, and that you make it executable.

pico /usr/local/bin/myscript.sh

#! /bin/sh

cd /Users/admin
mkdir test
chown root:admin test
chmod 777 test

(save the file).

sudo chmod 755 /usr/local/bin/myscript.sh

Then add the crontab entry:

sudo crontab -e

05 /1 * * * /usr/local/bin/myscript.sh


This will only work if your shortname (home directory) is truly named "admin" of course.

Good luck 🙂

Next: what do you mean by cd ~admin ?
Do you mean ~/admin ?
cd ~ will take you to the home directory of the user
you are working as.

cd ~ username will take you to username's home directory. So syntactically this is quite correct. If it makes sense is to be discussed.

Then: for a string of commands, you should create a
script, make sure it is write-able by root only, and
that you make it executable.

If you want to prevent normal users from calling the script directly permissions of root:wheel and mode 500 should give you sufficient security for the script itself. Just make sure that the directory the script resides in doesn't have write permissions for more users than the script or otherwise a user may just replace your script no matter what the script's permissions are.

sudo crontab -e

be aware that this will usually use vi as text editor and not pico. So you might want to get aquainted with vi before. 🙂

You might want to change the creation of your directory to

mkdir -p ~admin/test
which will only create the directory if it doesn't already exist, and create non existing directories in mid path as well. See the man page for mkdir.

I also suggest that you move your commands into a script to ensure they are executed in the exact order you want/need them to. Also be careful with chmodding 777 and root owned directories/files. Might easily be exploited as instant rootkit.
MacLemon

When this is run from /etc/crontab:

* * * * * root cd ~admin; mkdir test
* * * * * root cd ~admin; chown root test
* * * * * root cd ~admin; chgrp admin test
* * * * * root cd ~admin; chmod 777 test

only the first command works.

When i put these into a script and run it via command
line, all 4 work fine. I remember having used
crontab to do permission before, so I'm not sure what
the story is.

That is because you are telling Cron to run all these command at the same moment. Ok your choices are 1:

Code:
*/5 * * * * root cd ~admin; mkdir test
1,6,11,16,21,26,31,36,41,46,51,56 * * * * root cd ~admin; chown root test
2,7,12,17,22,27,32,37,42,47,52,57 * * * * root cd ~admin; chgrp admin test
3,8,13,18,23,28,33,38,43,48,53,58 * * * * root cd ~admin; chmod 777 test

(my use of progressions are not what they used to be so that is what I can come up with this early in the day)

#2: You could put them into a script which would work fine

or

#3: you could append them together like this

Code:
* * * * * root cd ~admin; mkdir test;chown root test;chgrp admin test;chmod 777 test

That is all one line or you could replace the semi-colons with double amersands '&&' which says that if the previous command exited without an error then do the next one (Like this)

Code:
* * * * * root cd ~admin && mkdir test && chown root test && chgrp admin test && chmod 777 test

again that is all on one line. That would be probably the safest without a script. I would recommend #2. Do use a script whyere you can as you can ensure that one step did work before another and then if someting fails you can recover back to earlier steps if necessary. You do not need to create a .sh file but can run the script from one line. This could be an example of the first part..

Code:
cd ~admin ; if [ -d test ];then ;else mkdir test;fi

and while this is a full script it does not need to be in a script file.

Peter

PowerMac G5 Dual 2.5Ghz Mac OS X (10.4.3) Server

Since cron can't run all these commands at the same time (you can't chmod the directory before mkdir has finished creating it), he other solution is to add a small delay between each command;

* * * * * cd ~admin; mkdir test
* * * * * sleep 1; cd ~admin; chown root test
* * * * * sleep 2; cd ~admin; chgrp admin test
* * * * * sleep 3; cd ~admin; chmod 777 test

Note that in this specific case you can halve the number of commands to run. mkdir accepts a -m switch to set the permissions as the directory is created, and chown can set both the owner and group at the same time:

* * * * * cd ~admin; mkdir -m 777 test
* * * * * sleep 1; cd ~admin; chown root:admin test

Note that in this specific case you can halve the number of commands to run. mkdir accepts a -m switch to set the permissions as the directory is created, and chown can set both the owner and group at the same time:

* * * * * cd ~admin; mkdir -m 777 test
* * * * * sleep 1; cd ~admin; chown root:admin test

You can further reduce that to:

mkdir -p -m 777 ~admin/test
chown root:admin ~admin/test

Though, I'd do this with a 4 line shell script and call that one from cron/launchd.

Code:

#!/bin/sh
TheDirectory="~admin/test"
mkdir -p -m 777 $TheDirectory
chown root:admin $TheDirectory

MacLemon

PowerBook G4 Mac OS X (10.4.3)