crontab(5) - phpMan

CRONTAB(5) CRONTAB(5)

NAME
crontab - tables for driving cron (ISC Cron V4.1)

DESCRIPTION
A crontab file contains instructions to the cron(8) daemon of the general form:
"run this command at this time on this date". Each user has their own crontab, and
commands in any given crontab will be executed as the user who owns the crontab.
Uucp and News will usually have their own crontabs, eliminating the need for
explicitly running su(1) as part of a cron command.

Blank lines and leading spaces and tabs are ignored. Lines whose first non-space
character is a pound-sign (#) are comments, and are ignored. Note that comments
are not allowed on the same line as cron commands, since they will be taken to be
part of the command. Similarly, comments are not allowed on the same line as envi-
ronment variable settings.

An active line in a crontab will be either an environment setting or a cron com-
mand. An environment setting is of the form,

name = value

where the spaces around the equal-sign (=) are optional, and any subsequent non-
leading spaces in value will be part of the value assigned to name. The value
string may be placed in quotes (single or double, but matching) to preserve leading
or trailing blanks.

Several environment variables are set up automatically by the cron(8) daemon.
SHELL is set to /bin/sh, and LOGNAME and HOME are set from the /etc/passwd line of
the crontab?s owner. HOME and SHELL may be overridden by settings in the crontab;
LOGNAME may not.

(Another note: the LOGNAME variable is sometimes called USER on BSD systems... on
these systems, USER will be set also.)

In addition to LOGNAME, HOME, and SHELL, cron(8) will look at MAILTO if it has any
reason to send mail as a result of running commands in "this" crontab. If MAILTO
is defined (and non-empty), mail is sent to the user so named. If MAILTO is
defined but empty (MAILTO=""), no mail will be sent. Otherwise mail is sent to the
owner of the crontab. This option is useful if you decide on /bin/mail instead of
/usr/lib/sendmail as your mailer when you install cron -- /bin/mail doesn?t do
aliasing, and UUCP usually doesn?t read its mail.

By default, cron will send mail using the mail 'Content-Type:' header of
'text/plain' with the 'charset=' parameter set to the charmap / codeset of the
locale in which crond(8) is started up - ie. either the default system locale, if
no LC_* environment variables are set, or the locale specified by the LC_* environ-
ment variables (see locale(7)). You can use different character encodings for
mailed cron job output by setting the CONTENT_TYPE and CONTENT_TRANSFER_ENCODING
variables in crontabs, to the correct values of the mail headers of those names.

The MLS_LEVEL environment variable provides support for multiple per-job SELinux
security contexts in the same crontab. By default, cron jobs execute with the
default SELinux security context of the user that created the crontab file. When
using multiple security levels and roles, this may not be sufficient, because the
same user may be running in a different role or at a different security level. For
more about roles and SELinux MLS/MCS see selinux(8) and undermentioned crontab
example. You can set MLS_LEVEL to the SELinux security context string specifying
the SELinux security context in which you want the job to run, and crond will set
the execution context of the or jobs to which the setting applies to the specified
context. See also the crontab(1) -s option.

The format of a cron command is very much the V7 standard, with a number of upward-
compatible extensions. Each line has five time and date fields, followed by a user
name if this is the system crontab file, followed by a command. Commands are exe-
cuted by cron(8) when the minute, hour, and month of year fields match the current
time, and at least one of the two day fields (day of month, or day of week) match
the current time (see "Note" below). Note that this means that non-existent times,
such as "missing hours" during daylight savings conversion, will never match, caus-
ing jobs scheduled during the "missing times" not to be run. Similarly, times that
occur more than once (again, during daylight savings conversion) will cause match-
ing jobs to be run twice.

cron(8) examines cron entries once every minute.

The time and date fields are:

field allowed values
----- --------------
minute 0-59
hour 0-23
day of month 1-31
month 1-12 (or names, see below)
day of week 0-7 (0 or 7 is Sun, or use names)

A field may be an asterisk (*), which always stands for "first-last".

Ranges of numbers are allowed. Ranges are two numbers separated with a hyphen.
The specified range is inclusive. For example, 8-11 for an "hours" entry specifies
execution at hours 8, 9, 10 and 11.

Lists are allowed. A list is a set of numbers (or ranges) separated by commas.
Examples: "1,2,5,9", "0-4,8-12".

Step values can be used in conjunction with ranges. Following a range with "<num-
ber>" specifies skips of the number's value through the range. For example,
"0-23/2" can be used in the hours field to specify command execution every other
hour (the alternative in the V7 standard is "0,2,4,6,8,10,12,14,16,18,20,22").
Steps are also permitted after an asterisk, so if you want to say "every two
hours", just use "*/2".

Names can also be used for the "month" and "day of week" fields. Use the first
three letters of the particular day or month (case doesn't matter). Ranges or
lists of names are not allowed.

The "sixth" field (the rest of the line) specifies the command to be run. The
entire command portion of the line, up to a newline or % character, will be exe-
cuted by /bin/sh or by the shell specified in the SHELL variable of the cronfile.
Percent-signs (%) in the command, unless escaped with backslash (\), will be
changed into newline characters, and all data after the first % will be sent to the
command as standard input.

Note: The day of a command's execution can be specified by two fields -- day of
month, and day of week. If both fields are restricted (ie, aren't *), the command
will be run when either field matches the current time. For example,
"30 4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and 15th of
each month, plus every Friday.

EXAMPLE CRON FILE
# use /bin/sh to run commands, no matter what /etc/passwd says
SHELL=/bin/sh
# mail any output to 'paul', no matter whose crontab this is
MAILTO=paul
#
# run five minutes after midnight, every day
5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month -- output mailed to paul
15 14 1 * * $HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday"
5 4 * * sun echo "run at 5 after 4 every sunday"

SELinux with multi level security (MLS)
In crontab is important specified security level by crontab -s or specifying the
required level on the first line of the crontab. Each level is specified in
/etc/selinux/targeted/seusers. For using crontab in MLS mode is really important:
- check/change actual role,
- set correct role for directory, which is used for input/output.

EXAMPLE FOR SELINUX MLS
# login as root
newrole -r sysadm_r
mkdir /tmp/SystemHigh
chcon -l SystemHigh /tmp/SystemHigh
crontab -e
# write in crontab file
MLS_LEVEL=SystemHigh
0-59 * * * * id -Z > /tmp/SystemHigh/crontest
Now if I log in as a normal user it can't work, because /tmp/SystemHigh is
higher than my level.

FILES
/etc/crontab system crontab file