crond
Hurricane Electric Internet Services
NAME
crond - cron daemon (Dillon's Cron)
SYNOPSIS
crond [-l#] [-d[#]] [-f] [-b] [-c directory]
OPTIONS
crond is a background daemon that parses individual
crontab files and executes commands on behalf of the users
in question.
-l<loglevel>
set logging level, default is 8.
-d[<debuglevel>]
set debugging level, default is 0, if no level speci-
fied with -d option default is 1. This option also
sets the logging level to 0 and causes crond to run
in the foreground.
-f run crond in the foreground.
-b run crond in the background (default unless -d speci-
fied).
-c directory
specify directory containing crontab files.
DESCRIPTION
crond is responsible for scanning the crontab files and
running their commands at the appropriate time. The
crontab program communicates with crond through the
"cron.update" file which resides in crontabs directory,
usually /var/spool/cron/crontabs. This is accomplished by
appending the filename of the modified or deleted crontab
file to "cron.update" which crond then picks up to resyn-
chronize or remove its internal representation of the
file.
Crond has a number of built in limitations to reduce the
chance of it being ill-used. Potentially infinite loops
during parsing are dealt with via a failsafe counter, and
user crontabs are generally limited to 256 crontab
entries. crontab lines may not be longer than 1024 char-
acters, including the newline.
Whenever crond must run a job, it first creates a daemon-
owned temporary file O_EXCL and O_APPEND to store any out-
put, then fork()s and changes its user and group permis-
sions to match that of the user the job is being run for,
then exec's /bin/sh -c to run the job. The temporary file
remains under the ownership of the daemon to prevent the
user from tampering with it. Upon job completion, crond
verifies the secureness of the mail file and, if it has
been appended to, mails to the file to user. The sendmail
program is run under the user's uid to prevent mail
related security holes. Unlike crontab , the crond pro-
gram does not leave an open descriptor to the file for the
duration of the job's execution as this might cause crond
to run out of descriptors. When crontab program allows a
user to edit his crontab, it copies the crontab to a user
owned file before running the user's prefered editor. The
suid crontab programs keeps an open descriptor to the file
which it later uses to copy the file back, thereby ensur-
ing the user has not tampered with the file type.
Crond always synchronizes to the top of the minute, check-
ing the current time against the list of possible jobs.
The list is stored such that the scan goes very quickly,
and crond can deal with several thousand entries without
taking any noticable amount of cpu.
AUTHOR
Matthew Dillon (dillon@apollo.west.oic.com)
Hurricane Electric Internet Services
Copyright (C) 1998
Hurricane Electric.
All Rights Reserved.