Solved

crontab and user profile's questions

Posted on 2000-04-26
19
693 Views
Last Modified: 2008-03-03
2 administrators left the company and their user's ID were deleted. But I found that they left the crontab files under /var/spool/cron/crontabs. Moreover, I believe that when they were in the company, they modified their profile as root(I mean, they modified the /etc/passwd file and change their user ID number to 0).
Now I doubt if their crontab files are running, and can I use the command "crontab -r username" to remove their crontab file, or just delete their crontab files that under /var/spool/cron/crontabs directly.
If you think this question should be value more points, please let me know. Thanks a lot!
0
Comment
Question by:maixp
19 Comments
 
LVL 1

Accepted Solution

by:
struyfsj earned 75 total points
ID: 2750755
maixp

You will not be able to use the command crontab -r <username> because these users do not exist int he passwd-file anymore.

You can delete the crontab file directly in /var/spool/cron/crontabs but first make sure they have no important command running .  If they have, move them to the (real) root crontab and then delete them.

PS:  Never allow normal userid to have an ID below 100.  Certainly not 0 because these users have full root privileges.


JS
0
 
LVL 84

Expert Comment

by:ozo
ID: 2750760
Yes, you can just delete their crontab files that under /var/spool/cron/crontabs directly.
(unless they are running some vital administative function, in which case you should move those functions to root)
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2751032
I suggest you reboot the system as well, as cron only reads the crontab files when it starts up.
0
 

Author Comment

by:maixp
ID: 2751212
Adjusted points from 50 to 75
0
 

Author Comment

by:maixp
ID: 2751213
How can I move them into the root's cronatb?
May I just modify the files under /var/spool/cron/crontabs? I tried to use command "crontab -e" after I login as root, but it only showed me a "142" and then the blank space. As long as I type any keys and press "enter", it showed a question mark to me! I even had no idea to quit this window even I try "crtl+c"( I dont' dare to try "crtl+d")! At last I had to open another Xterm and kill the crontab process. What happen?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2751244
maixp

You can not use the crontab -e, -l or -r as root for username that have been deleted from the passwd-file.

You can edit the files under /var/spool/cron/crontabs, but be carefull the syntax is right.  When you exit out of crontab -e it checks for syntax error but a normal editor does not.

JS

0
 

Author Comment

by:maixp
ID: 2751273
To  struyfsj :
Thanks. But I don't understand. I login as root, and run "crontab -e" in order to edit root's crontab file. Why I can't?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2754713
maixp,

Could you try (as root):
crontab -e
crontab -e root
crontab -l
crontab -l root
cat /var/spool/cron/crontabs/root

Is there a difference between the output of those commands?

Restart cron (/etc/init.d/cron stop; /etc/init.d/cron start) and try again.



JS
0
 

Author Comment

by:maixp
ID: 2758964
To struyfsj:
Thanks.
I tried the command as you told me. The first 4 lines' results are same as I described before. When I use "cat ..." it showed that file's content. When I run "/etc/init.d/cron stop" and "/etc/init.d/cron start", it both showed:
# ! Can not start cron; FIFO exists Fri Apr 28 ...
! *******CRON ABORTED*******Fri APr 28 ...

I have no idea completely. Please help!

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:struyfsj
ID: 2759073
maixp,

could you post the output of uname -a.
This to find out at what patchlevel you are and what OS.

Is cron still running? (ps -ef | grep cron)
If it is kill it! ( kill <pid of cron>) If it doen not die kill -9 <pid of cron>
Is there a file /var/spool/cron/FIFO? (ls -ald /var/spool/cron/FIFO)
If it exists (i'm sure it exists) delete it! ( rm /var/spool/cron/FIFO)

Start cron again. (/etc/init.d/cron start)

JS
0
 

Author Comment

by:maixp
ID: 2759364
Thanks
Here is the uname's result:

# uname -a
SunOS SUN3000 5.5.1 Generic_103640-23 sun4u sparc SUNW,Ultra-Enterprise

And I run the commands as you told me. I killed the <pid of cron> successfully, but I couldn't find the FIFO file.
# ls -ald /var/spool/cron/FIFO
/var/spool/cron/FIFO: No such file or directory

Luckly, the "/etc/init.d/cron start" worked this time! It showed:
# ! No such user as zengzh - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as root% - cron entries not created Fri Apr 28 21:46:22 2000
! No such user as zhangyz - cron entries not created Fri Apr 28 21:46:22 2000
PS, zengzh and zhangyz are the left administrator's userID. But why has a "root% "?

Now it seems that I can remove the left administrators' cron files directly? And modify the "crontab -e root"? Yes, or no?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2759607
maixp,

strange things going on there.
When starting cron, is probably checks if the file in /var/spool/cron/crontabs correspond with userids.
This is not the case for zengzh and zhangyz because you deleted them and root% is possibly a backup of the root crontab.

Is there a root% file in /var/spool/cron/crontabs?


JS
0
 

Author Comment

by:maixp
ID: 2759682
Yes, there is a file named "root%" under /var/spool/cron/crontabs, and I checked it and found that its content is as same as file "root".
This situation is different from the books I have read. Do you have any suggestion for me? Can I remove those files now? And can I modify the root's crontab now?
0
 
LVL 1

Expert Comment

by:struyfsj
ID: 2764200
maixp,

You can safely remove the root%, and the 2 other crontabs in /var/spool/cron/crontabs.

If you start and stop cron you will not get any errors.

JS
0
 

Author Comment

by:maixp
ID: 2768364
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768366
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768368
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768370
Have deal with most of the problems. Thanks, struyfsj.
0
 

Author Comment

by:maixp
ID: 2768376
Have deal with most of the problems. Thanks, struyfsj.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AIX 5.3 group password policy changes 7 27
Using Grep to Find a file 8 87
Sed question 2 68
aix unix tar error 3 43
When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now