1

On Debian and its derivatives, how shall we understand the following seemingly contradictory facts:

  • /etc/crontab and /etc/cron.d/* have a user field, meaning that a job is running as the user (either root or nonroot).

  • the jobs in /etc/crontab and /etc/cron.d/* are system jobs not user-specific jobs?

If you want to run a job either as root or as a nonroot user, where would you add the job: /etc/crontab, /etc/cron.d/*, or /var/spool/cron/crontab/<user>?

Stephen's comment at How are files under /etc/cron.d used? clarifies a lot, but I still can't figure that out

A system job is a job which applies to the whole system. A user-specific job is a job run on behalf of a specific user; typically, tasks which the user would do manually while logged in, but which he/she wishes to perform periodically and automatically — e.g. backups of specific files, or refreshes of remote development repositories, or mail processing, or mirroring web sites

Thanks.

Tim
  • 101,790
  • Surely the description at https://unix.stackexchange.com/a/478785/5132 of when one would use each of the three already answers this. – JdeBP Nov 01 '18 at 15:53
  • @JdeBP Thanks for reminding. Meanwhile, if I may, I was wondering about https://unix.stackexchange.com/questions/478998/how-does-anacron-determine-daily-weekly-and-monthly-job-to-run – Tim Nov 01 '18 at 15:58

2 Answers2

4

I tend to use the various cron configuration files as follows:

  • /var/spool/cron/crontab is used by “real” users (i.e. users corresponding to humans using the system), edited using crontab -e;
  • /etc/cron.d is used for package-provided cron jobs, which can run as a “system” user (e.g. logcheck for logcheck’s cron jobs); as mentioned in answers to some of your other questions on the topic, /etc/cron.d is intended for use by packages, at least on Debian-based systems;
  • /etc/crontab would be used for locally-defined system jobs, run as root, except that I find /etc/cron.{hourly,daily,weekly,monthly} more convenient for those.

In my comment, by “user” I meant “human-backed user” (if you’ll allow me the expression). Jobs run as “system users”, root or otherwise, are system jobs in my mind.

From a Debian packaging perspective, Debian Policy describes the recommended practice regarding cron jobs: in summary, use /etc/cron.{hourly,daily,weekly,monthly} if appropriate, /etc/cron.d otherwise. It’s therefore normal to see package-provide jobs in all five directories.

Stephen Kitt
  • 434,908
  • Thanks. Some questions, if I may. (1) "/etc/cron.d is used for package-provided cron jobs, which typically run as a “system” user ". I was wondering why all the cron jobs in my /etc/cron.d/ (anacron popularity-contest sysstat) are run as root instead of nonroot system users? (2) The files under /etc/cron.{hourly,daily,weekly,monthly} look like per package. So can that be confusing with /etc/cron.d/*? – Tim Nov 01 '18 at 19:41
  • (3) Suppose I have a bash script to be run as often as once in 15 minutes, and the script first sudo service reload a system service and then calls my program to use the service. Should I put the script in a crontab file in /etc/cron.d/, /etc/crontab, or /var/spool/cron/crontabs/t? Since the script contains sudo, shall I run it as myself and provide my password to sudo, or run it as root? – Tim Nov 01 '18 at 22:33
  • I’ve addressed questions 1 and 2 in my update. 3 is a follow-up question IMO (it needs clarification: why does your script have to sudo, what is /var/spool/cron/crontabs/t, are you using systemd?). – Stephen Kitt Nov 02 '18 at 09:26
  • Thanks. (3) I am using Ubuntu, so I guess I am using systemd. My bash script needs sudo because it needs to run sudo service <someservice> reload. My script is written by myself, not provided by a package or the OS, and does that mean that I should run it as myself in a job in my crontab file /var/spool/cron/crontabs/t? sudo will ask for password then. To avoid providing sudo password, shall I run the script as root in a job in /etc/crontab or /etc/cron.d/? (I am ruling out /etc/cron.{hourly,daily,weekly,monthly}, because the script needs to be run once in 15 mins). – Tim Nov 02 '18 at 17:29
  • But my script is written by myself, not provided by a package or the OS, so I am sure if it is good practice to specify to run my script in /etc/crontab or /etc/cron.d/, is it? – Tim Nov 02 '18 at 17:33
3

The crontabs under /etc can only be edited manually by root (or implicitly by root while installing some package). These crontabs would typically be used to schedule jobs relating to services on the system. Therefore, these are "system jobs". Some of these services may well run as users other than root.

The spooled crontabs in /var are the user specific crontabs. A user should use crontab -e to edit their own personal crontab (this may be a reasonable thing for root to do as well). A user who is not tied to any specific service on the system (i.e. a human being) should not need to have cron jobs running in their name in the crontabs under /etc.

Kusalananda
  • 333,661