Solved

crontab and user profile's questions

Posted on 2000-04-26
19
690 Views
Last Modified: 2008-03-03
2 administrators left the company and their user's ID were deleted. But I found that they left the crontab files under /var/spool/cron/crontabs. Moreover, I believe that when they were in the company, they modified their profile as root(I mean, they modified the /etc/passwd file and change their user ID number to 0).
Now I doubt if their crontab files are running, and can I use the command "crontab -r username" to remove their crontab file, or just delete their crontab files that under /var/spool/cron/crontabs directly.
If you think this question should be value more points, please let me know. Thanks a lot!
0
Comment
Question by:maixp
19 Comments
 
LVL 1

Accepted Solution

by:
struyfsj earned 75 total points
ID: 2750755
maixp

You will not be able to use the command crontab -r <username> because these users do not exist int he passwd-file anymore.

You can delete the crontab file directly in /var/spool/cron/crontabs but first make sure they have no important command running .  If they have, move them to the (real) root crontab and then delete them.

PS:  Never allow normal userid to have an ID below 100.  Certainly not 0 because these users have full root privileges.


JS
0
 
LVL 84

Expert Comment

by:ozo
ID: 2750760
Yes, you can just delete their crontab files that under /var/spool/cron/crontabs directly.
(unless they are running some vital administative function, in which case you should move those functions to root)
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2751032
I suggest you reboot the system as well, as cron only reads the crontab files when it starts up.
0
 

Author Comment

by:maixp
ID: 2751212
Adjusted points from 50 to 75
0
 

Author Comment

by:maixp
ID: 2751213
How can I move them into the root's cronatb?
May I just modify the files under /var/spool/cron/crontabs? I tried to use command "crontab -e" after I login as root, but it only showed me a "142" and then the blank space. As long as I type any keys and press "enter", it showed a question mark to me! I even had no idea to quit this window even I try "crtl+c"( I dont' dare to try "crtl+d")! At last I had to open another Xterm and kill the crontab process. What happen?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2751244
maixp

You can not use the crontab -e, -l or -r as root for username that have been deleted from the passwd-file.

You can edit the files under /var/spool/cron/crontabs, but be carefull the syntax is right.  When you exit out of crontab -e it checks for syntax error but a normal editor does not.

JS

0
 

Author Comment

by:maixp
ID: 2751273
To  struyfsj :
Thanks. But I don't understand. I login as root, and run "crontab -e" in order to edit root's crontab file. Why I can't?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2754713
maixp,

Could you try (as root):
crontab -e
crontab -e root
crontab -l
crontab -l root
cat /var/spool/cron/crontabs/root

Is there a difference between the output of those commands?

Restart cron (/etc/init.d/cron stop; /etc/init.d/cron start) and try again.



JS
0
 

Author Comment

by:maixp
ID: 2758964
To struyfsj:
Thanks.
I tried the command as you told me. The first 4 lines' results are same as I described before. When I use "cat ..." it showed that file's content. When I run "/etc/init.d/cron stop" and "/etc/init.d/cron start", it both showed:
# ! Can not start cron; FIFO exists Fri Apr 28 ...
! *******CRON ABORTED*******Fri APr 28 ...

I have no idea completely. Please help!

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 1

Expert Comment

by:struyfsj
ID: 2759073
maixp,

could you post the output of uname -a.
This to find out at what patchlevel you are and what OS.

Is cron still running? (ps -ef | grep cron)
If it is kill it! ( kill <pid of cron>) If it doen not die kill -9 <pid of cron>
Is there a file /var/spool/cron/FIFO? (ls -ald /var/spool/cron/FIFO)
If it exists (i'm sure it exists) delete it! ( rm /var/spool/cron/FIFO)

Start cron again. (/etc/init.d/cron start)

JS
0
 

Author Comment

by:maixp
ID: 2759364
Thanks
Here is the uname's result:

# uname -a
SunOS SUN3000 5.5.1 Generic_103640-23 sun4u sparc SUNW,Ultra-Enterprise

And I run the commands as you told me. I killed the <pid of cron> successfully, but I couldn't find the FIFO file.
# ls -ald /var/spool/cron/FIFO
/var/spool/cron/FIFO: No such file or directory

Luckly, the "/etc/init.d/cron start" worked this time! It showed:
# ! No such user as zengzh - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as root% - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as zhangyz - cron entries not created Fri Apr 28 21:46:22 2000
PS, zengzh and zhangyz are the left administrator's userID. But why has a "root% "?

Now it seems that I can remove the left administrators' cron files directly? And modify the "crontab -e root"? Yes, or no?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759607
maixp,

strange things going on there.
When starting cron, is probably checks if the file in /var/spool/cron/crontabs correspond with userids.
This is not the case for zengzh and zhangyz because you deleted them and root% is possibly a backup of the root crontab.

Is there a root% file in /var/spool/cron/crontabs?


JS
0
 

Author Comment

by:maixp
ID: 2759682
Yes, there is a file named "root%" under /var/spool/cron/crontabs, and I checked it and found that its content is as same as file "root".
This situation is different from the books I have read. Do you have any suggestion for me? Can I remove those files now? And can I modify the root's crontab now?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2764200
maixp,

You can safely remove the root%, and the 2 other crontabs in /var/spool/cron/crontabs.

If you start and stop cron you will not get any errors.

JS
0
 

Author Comment

by:maixp
ID: 2768364
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768366
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768368
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768370
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768376
Have deal with most of the problems. Thanks, struyfsj.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now