Solved

crontab and user profile's questions

Posted on 2000-04-26
19
703 Views
Last Modified: 2008-03-03
2 administrators left the company and their user's ID were deleted. But I found that they left the crontab files under /var/spool/cron/crontabs. Moreover, I believe that when they were in the company, they modified their profile as root(I mean, they modified the /etc/passwd file and change their user ID number to 0).
Now I doubt if their crontab files are running, and can I use the command "crontab -r username" to remove their crontab file, or just delete their crontab files that under /var/spool/cron/crontabs directly.
If you think this question should be value more points, please let me know. Thanks a lot!
0
Comment
Question by:maixp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 1

Accepted Solution

by:
struyfsj earned 75 total points
ID: 2750755
maixp

You will not be able to use the command crontab -r <username> because these users do not exist int he passwd-file anymore.

You can delete the crontab file directly in /var/spool/cron/crontabs but first make sure they have no important command running .  If they have, move them to the (real) root crontab and then delete them.

PS:  Never allow normal userid to have an ID below 100.  Certainly not 0 because these users have full root privileges.


JS
0
 
LVL 84

Expert Comment

by:ozo
ID: 2750760
Yes, you can just delete their crontab files that under /var/spool/cron/crontabs directly.
(unless they are running some vital administative function, in which case you should move those functions to root)
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2751032
I suggest you reboot the system as well, as cron only reads the crontab files when it starts up.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:maixp
ID: 2751212
Adjusted points from 50 to 75
0
 

Author Comment

by:maixp
ID: 2751213
How can I move them into the root's cronatb?
May I just modify the files under /var/spool/cron/crontabs? I tried to use command "crontab -e" after I login as root, but it only showed me a "142" and then the blank space. As long as I type any keys and press "enter", it showed a question mark to me! I even had no idea to quit this window even I try "crtl+c"( I dont' dare to try "crtl+d")! At last I had to open another Xterm and kill the crontab process. What happen?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2751244
maixp

You can not use the crontab -e, -l or -r as root for username that have been deleted from the passwd-file.

You can edit the files under /var/spool/cron/crontabs, but be carefull the syntax is right.  When you exit out of crontab -e it checks for syntax error but a normal editor does not.

JS

0
 

Author Comment

by:maixp
ID: 2751273
To  struyfsj :
Thanks. But I don't understand. I login as root, and run "crontab -e" in order to edit root's crontab file. Why I can't?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2754713
maixp,

Could you try (as root):
crontab -e
crontab -e root
crontab -l
crontab -l root
cat /var/spool/cron/crontabs/root

Is there a difference between the output of those commands?

Restart cron (/etc/init.d/cron stop; /etc/init.d/cron start) and try again.



JS
0
 

Author Comment

by:maixp
ID: 2758964
To struyfsj:
Thanks.
I tried the command as you told me. The first 4 lines' results are same as I described before. When I use "cat ..." it showed that file's content. When I run "/etc/init.d/cron stop" and "/etc/init.d/cron start", it both showed:
# ! Can not start cron; FIFO exists Fri Apr 28 ...
! *******CRON ABORTED*******Fri APr 28 ...

I have no idea completely. Please help!

0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759073
maixp,

could you post the output of uname -a.
This to find out at what patchlevel you are and what OS.

Is cron still running? (ps -ef | grep cron)
If it is kill it! ( kill <pid of cron>) If it doen not die kill -9 <pid of cron>
Is there a file /var/spool/cron/FIFO? (ls -ald /var/spool/cron/FIFO)
If it exists (i'm sure it exists) delete it! ( rm /var/spool/cron/FIFO)

Start cron again. (/etc/init.d/cron start)

JS
0
 

Author Comment

by:maixp
ID: 2759364
Thanks
Here is the uname's result:

# uname -a
SunOS SUN3000 5.5.1 Generic_103640-23 sun4u sparc SUNW,Ultra-Enterprise

And I run the commands as you told me. I killed the <pid of cron> successfully, but I couldn't find the FIFO file.
# ls -ald /var/spool/cron/FIFO
/var/spool/cron/FIFO: No such file or directory

Luckly, the "/etc/init.d/cron start" worked this time! It showed:
# ! No such user as zengzh - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as root% - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as zhangyz - cron entries not created Fri Apr 28 21:46:22 2000
PS, zengzh and zhangyz are the left administrator's userID. But why has a "root% "?

Now it seems that I can remove the left administrators' cron files directly? And modify the "crontab -e root"? Yes, or no?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759607
maixp,

strange things going on there.
When starting cron, is probably checks if the file in /var/spool/cron/crontabs correspond with userids.
This is not the case for zengzh and zhangyz because you deleted them and root% is possibly a backup of the root crontab.

Is there a root% file in /var/spool/cron/crontabs?


JS
0
 

Author Comment

by:maixp
ID: 2759682
Yes, there is a file named "root%" under /var/spool/cron/crontabs, and I checked it and found that its content is as same as file "root".
This situation is different from the books I have read. Do you have any suggestion for me? Can I remove those files now? And can I modify the root's crontab now?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2764200
maixp,

You can safely remove the root%, and the 2 other crontabs in /var/spool/cron/crontabs.

If you start and stop cron you will not get any errors.

JS
0
 

Author Comment

by:maixp
ID: 2768364
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768366
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768368
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768370
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768376
Have deal with most of the problems. Thanks, struyfsj.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
nodeip 9 92
Bad Block Relocation for Synchronous GLVM AIX 7.1 2 79
ACL in Solaris 10 & AIX V6.1 to circumvent application required  grp:rwx 9 121
lunix and unix command 21 116
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question