Solved

crontab and user profile's questions

Posted on 2000-04-26
19
707 Views
Last Modified: 2008-03-03
2 administrators left the company and their user's ID were deleted. But I found that they left the crontab files under /var/spool/cron/crontabs. Moreover, I believe that when they were in the company, they modified their profile as root(I mean, they modified the /etc/passwd file and change their user ID number to 0).
Now I doubt if their crontab files are running, and can I use the command "crontab -r username" to remove their crontab file, or just delete their crontab files that under /var/spool/cron/crontabs directly.
If you think this question should be value more points, please let me know. Thanks a lot!
0
Comment
Question by:maixp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 1

Accepted Solution

by:
struyfsj earned 75 total points
ID: 2750755
maixp

You will not be able to use the command crontab -r <username> because these users do not exist int he passwd-file anymore.

You can delete the crontab file directly in /var/spool/cron/crontabs but first make sure they have no important command running .  If they have, move them to the (real) root crontab and then delete them.

PS:  Never allow normal userid to have an ID below 100.  Certainly not 0 because these users have full root privileges.


JS
0
 
LVL 84

Expert Comment

by:ozo
ID: 2750760
Yes, you can just delete their crontab files that under /var/spool/cron/crontabs directly.
(unless they are running some vital administative function, in which case you should move those functions to root)
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2751032
I suggest you reboot the system as well, as cron only reads the crontab files when it starts up.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:maixp
ID: 2751212
Adjusted points from 50 to 75
0
 

Author Comment

by:maixp
ID: 2751213
How can I move them into the root's cronatb?
May I just modify the files under /var/spool/cron/crontabs? I tried to use command "crontab -e" after I login as root, but it only showed me a "142" and then the blank space. As long as I type any keys and press "enter", it showed a question mark to me! I even had no idea to quit this window even I try "crtl+c"( I dont' dare to try "crtl+d")! At last I had to open another Xterm and kill the crontab process. What happen?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2751244
maixp

You can not use the crontab -e, -l or -r as root for username that have been deleted from the passwd-file.

You can edit the files under /var/spool/cron/crontabs, but be carefull the syntax is right.  When you exit out of crontab -e it checks for syntax error but a normal editor does not.

JS

0
 

Author Comment

by:maixp
ID: 2751273
To  struyfsj :
Thanks. But I don't understand. I login as root, and run "crontab -e" in order to edit root's crontab file. Why I can't?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2754713
maixp,

Could you try (as root):
crontab -e
crontab -e root
crontab -l
crontab -l root
cat /var/spool/cron/crontabs/root

Is there a difference between the output of those commands?

Restart cron (/etc/init.d/cron stop; /etc/init.d/cron start) and try again.



JS
0
 

Author Comment

by:maixp
ID: 2758964
To struyfsj:
Thanks.
I tried the command as you told me. The first 4 lines' results are same as I described before. When I use "cat ..." it showed that file's content. When I run "/etc/init.d/cron stop" and "/etc/init.d/cron start", it both showed:
# ! Can not start cron; FIFO exists Fri Apr 28 ...
! *******CRON ABORTED*******Fri APr 28 ...

I have no idea completely. Please help!

0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759073
maixp,

could you post the output of uname -a.
This to find out at what patchlevel you are and what OS.

Is cron still running? (ps -ef | grep cron)
If it is kill it! ( kill <pid of cron>) If it doen not die kill -9 <pid of cron>
Is there a file /var/spool/cron/FIFO? (ls -ald /var/spool/cron/FIFO)
If it exists (i'm sure it exists) delete it! ( rm /var/spool/cron/FIFO)

Start cron again. (/etc/init.d/cron start)

JS
0
 

Author Comment

by:maixp
ID: 2759364
Thanks
Here is the uname's result:

# uname -a
SunOS SUN3000 5.5.1 Generic_103640-23 sun4u sparc SUNW,Ultra-Enterprise

And I run the commands as you told me. I killed the <pid of cron> successfully, but I couldn't find the FIFO file.
# ls -ald /var/spool/cron/FIFO
/var/spool/cron/FIFO: No such file or directory

Luckly, the "/etc/init.d/cron start" worked this time! It showed:
# ! No such user as zengzh - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as root% - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as zhangyz - cron entries not created Fri Apr 28 21:46:22 2000
PS, zengzh and zhangyz are the left administrator's userID. But why has a "root% "?

Now it seems that I can remove the left administrators' cron files directly? And modify the "crontab -e root"? Yes, or no?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759607
maixp,

strange things going on there.
When starting cron, is probably checks if the file in /var/spool/cron/crontabs correspond with userids.
This is not the case for zengzh and zhangyz because you deleted them and root% is possibly a backup of the root crontab.

Is there a root% file in /var/spool/cron/crontabs?


JS
0
 

Author Comment

by:maixp
ID: 2759682
Yes, there is a file named "root%" under /var/spool/cron/crontabs, and I checked it and found that its content is as same as file "root".
This situation is different from the books I have read. Do you have any suggestion for me? Can I remove those files now? And can I modify the root's crontab now?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2764200
maixp,

You can safely remove the root%, and the 2 other crontabs in /var/spool/cron/crontabs.

If you start and stop cron you will not get any errors.

JS
0
 

Author Comment

by:maixp
ID: 2768364
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768366
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768368
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768370
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768376
Have deal with most of the problems. Thanks, struyfsj.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question