diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c index 5687323f8c64..214baf2133ed 100644 --- a/usr.sbin/cron/cron/do_command.c +++ b/usr.sbin/cron/cron/do_command.c @@ -1,619 +1,634 @@ /* Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved * * Distribute freely, except: don't remove my name from the source or * documentation (don't take credit for my work), mark your changes (don't * get me blamed for your possible bugs), don't alter or remove this * notice. May be sold if buildable source is provided to buyer. No * warrantee of any kind, express or implied, is included with this * software; use at your own risk, responsibility for damages (if any) to * anyone resulting from the use of this software rests entirely with the * user. * * Send bug reports, bug fixes, enhancements, requests, flames, etc., and * I'll try to keep a version up to date. I can be reached as follows: * Paul Vixie uunet!decwrl!vixie!paul */ #if !defined(lint) && !defined(LINT) static const char rcsid[] = "$FreeBSD$"; #endif #include "cron.h" #include #if defined(sequent) # include #endif #if defined(SYSLOG) # include #endif #if defined(LOGIN_CAP) # include #endif #ifdef PAM # include # include #endif static void child_process(entry *, user *); static WAIT_T wait_on_child(PID_T, const char *); +extern char *environ; + void do_command(e, u) entry *e; user *u; { pid_t pid; Debug(DPROC, ("[%d] do_command(%s, (%s,%d,%d))\n", getpid(), e->cmd, u->name, e->uid, e->gid)) /* fork to become asynchronous -- parent process is done immediately, * and continues to run the normal cron code, which means return to * tick(). the child and grandchild don't leave this function, alive. */ switch ((pid = fork())) { case -1: log_it("CRON",getpid(),"error","can't fork"); if (e->flags & INTERVAL) e->lastexit = time(NULL); break; case 0: /* child process */ pidfile_close(pfh); child_process(e, u); Debug(DPROC, ("[%d] child process done, exiting\n", getpid())) _exit(OK_EXIT); break; default: /* parent process */ Debug(DPROC, ("[%d] main process forked child #%d, " "returning to work\n", getpid(), pid)) if (e->flags & INTERVAL) { e->lastexit = 0; e->child = pid; } break; } Debug(DPROC, ("[%d] main process returning to work\n", getpid())) } static void child_process(e, u) entry *e; user *u; { int stdin_pipe[2], stdout_pipe[2]; register char *input_data; char *usernm, *mailto, *mailfrom; PID_T jobpid, stdinjob, mailpid; register FILE *mail; register int bytes = 1; int status = 0; # if defined(LOGIN_CAP) struct passwd *pwd; login_cap_t *lc; # endif Debug(DPROC, ("[%d] child_process('%s')\n", getpid(), e->cmd)) /* mark ourselves as different to PS command watchers by upshifting * our program name. This has no effect on some kernels. */ setproctitle("running job"); /* discover some useful and important environment settings */ usernm = env_get("LOGNAME", e->envp); mailto = env_get("MAILTO", e->envp); mailfrom = env_get("MAILFROM", e->envp); #ifdef PAM /* use PAM to see if the user's account is available, * i.e., not locked or expired or whatever. skip this * for system tasks from /etc/crontab -- they can run * as any user. */ if (strcmp(u->name, SYS_NAME)) { /* not equal */ pam_handle_t *pamh = NULL; int pam_err; struct pam_conv pamc = { .conv = openpam_nullconv, .appdata_ptr = NULL }; Debug(DPROC, ("[%d] checking account with PAM\n", getpid())) /* u->name keeps crontab owner name while LOGNAME is the name * of user to run command on behalf of. they should be the * same for a task from a per-user crontab. */ if (strcmp(u->name, usernm)) { log_it(usernm, getpid(), "username ambiguity", u->name); exit(ERROR_EXIT); } pam_err = pam_start("cron", usernm, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { log_it("CRON", getpid(), "error", "can't start PAM"); exit(ERROR_EXIT); } pam_err = pam_acct_mgmt(pamh, PAM_SILENT); /* Expired password shouldn't prevent the job from running. */ if (pam_err != PAM_SUCCESS && pam_err != PAM_NEW_AUTHTOK_REQD) { log_it(usernm, getpid(), "USER", "account unavailable"); exit(ERROR_EXIT); } pam_end(pamh, pam_err); } #endif #ifdef USE_SIGCHLD /* our parent is watching for our death by catching SIGCHLD. we * do not care to watch for our children's deaths this way -- we * use wait() explicitly. so we have to disable the signal (which * was inherited from the parent). */ (void) signal(SIGCHLD, SIG_DFL); #else /* on system-V systems, we are ignoring SIGCLD. we have to stop * ignoring it now or the wait() in cron_pclose() won't work. * because of this, we have to wait() for our children here, as well. */ (void) signal(SIGCLD, SIG_DFL); #endif /*BSD*/ /* create some pipes to talk to our future child */ if (pipe(stdin_pipe) != 0 || pipe(stdout_pipe) != 0) { log_it("CRON", getpid(), "error", "can't pipe"); exit(ERROR_EXIT); } /* since we are a forked process, we can diddle the command string * we were passed -- nobody else is going to use it again, right? * * if a % is present in the command, previous characters are the * command, and subsequent characters are the additional input to * the command. Subsequent %'s will be transformed into newlines, * but that happens later. * * If there are escaped %'s, remove the escape character. */ /*local*/{ register int escaped = FALSE; register int ch; register char *p; for (input_data = p = e->cmd; (ch = *input_data); input_data++, p++) { if (p != input_data) *p = ch; if (escaped) { if (ch == '%' || ch == '\\') *--p = ch; escaped = FALSE; continue; } if (ch == '\\') { escaped = TRUE; continue; } if (ch == '%') { *input_data++ = '\0'; break; } } *p = '\0'; } /* fork again, this time so we can exec the user's command. */ switch (jobpid = fork()) { case -1: log_it("CRON",getpid(),"error","can't fork"); exit(ERROR_EXIT); /*NOTREACHED*/ case 0: Debug(DPROC, ("[%d] grandchild process fork()'ed\n", getpid())) if (e->uid == ROOT_UID) Jitter = RootJitter; if (Jitter != 0) { srandom(getpid()); sleep(random() % Jitter); } /* write a log message. we've waited this long to do it * because it was not until now that we knew the PID that * the actual user command shell was going to get and the * PID is part of the log message. */ if ((e->flags & DONT_LOG) == 0) { char *x = mkprints((u_char *)e->cmd, strlen(e->cmd)); log_it(usernm, getpid(), "CMD", x); free(x); } /* that's the last thing we'll log. close the log files. */ #ifdef SYSLOG closelog(); #endif /* get new pgrp, void tty, etc. */ (void) setsid(); /* close the pipe ends that we won't use. this doesn't affect * the parent, who has to read and write them; it keeps the * kernel from recording us as a potential client TWICE -- * which would keep it from sending SIGPIPE in otherwise * appropriate circumstances. */ close(stdin_pipe[WRITE_PIPE]); close(stdout_pipe[READ_PIPE]); /* grandchild process. make std{in,out} be the ends of * pipes opened by our daddy; make stderr go to stdout. */ close(STDIN); dup2(stdin_pipe[READ_PIPE], STDIN); close(STDOUT); dup2(stdout_pipe[WRITE_PIPE], STDOUT); close(STDERR); dup2(STDOUT, STDERR); /* close the pipes we just dup'ed. The resources will remain. */ close(stdin_pipe[READ_PIPE]); close(stdout_pipe[WRITE_PIPE]); + environ = NULL; + # if defined(LOGIN_CAP) - /* Set user's entire context, but skip the environment - * as cron provides a separate interface for this + /* Set user's entire context, but note that PATH will + * be overridden later */ if ((pwd = getpwnam(usernm)) == NULL) pwd = getpwuid(e->uid); lc = NULL; if (pwd != NULL) { pwd->pw_gid = e->gid; if (e->class != NULL) lc = login_getclass(e->class); } if (pwd && setusercontext(lc, pwd, e->uid, - LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0) + LOGIN_SETALL) == 0) (void) endpwent(); else { /* fall back to the old method */ (void) endpwent(); # endif /* set our directory, uid and gid. Set gid first, * since once we set uid, we've lost root privileges. */ if (setgid(e->gid) != 0) { log_it(usernm, getpid(), "error", "setgid failed"); _exit(ERROR_EXIT); } # if defined(BSD) if (initgroups(usernm, e->gid) != 0) { log_it(usernm, getpid(), "error", "initgroups failed"); _exit(ERROR_EXIT); } # endif if (setlogin(usernm) != 0) { log_it(usernm, getpid(), "error", "setlogin failed"); _exit(ERROR_EXIT); } if (setuid(e->uid) != 0) { log_it(usernm, getpid(), "error", "setuid failed"); _exit(ERROR_EXIT); } /* we aren't root after this..*/ #if defined(LOGIN_CAP) } if (lc != NULL) login_close(lc); #endif chdir(env_get("HOME", e->envp)); /* exec the command. */ { char *shell = env_get("SHELL", e->envp); + char **p; + + /* Apply the environment from the entry, overriding existing + * values (this will always set PATH, LOGNAME, etc.) putenv + * should not fail unless malloc does. + */ + for (p = e->envp; *p; ++p) { + if (putenv(*p) != 0) { + warn("putenv"); + _exit(ERROR_EXIT); + } + } # if DEBUGGING if (DebugFlags & DTEST) { fprintf(stderr, "debug DTEST is on, not exec'ing command.\n"); fprintf(stderr, "\tcmd='%s' shell='%s'\n", e->cmd, shell); _exit(OK_EXIT); } # endif /*DEBUGGING*/ - execle(shell, shell, "-c", e->cmd, (char *)NULL, - e->envp); - warn("execle: couldn't exec `%s'", shell); + execl(shell, shell, "-c", e->cmd, (char *)NULL); + warn("execl: couldn't exec `%s'", shell); _exit(ERROR_EXIT); } break; default: /* parent process */ break; } /* middle process, child of original cron, parent of process running * the user's command. */ Debug(DPROC, ("[%d] child continues, closing pipes\n", getpid())) /* close the ends of the pipe that will only be referenced in the * grandchild process... */ close(stdin_pipe[READ_PIPE]); close(stdout_pipe[WRITE_PIPE]); /* * write, to the pipe connected to child's stdin, any input specified * after a % in the crontab entry. while we copy, convert any * additional %'s to newlines. when done, if some characters were * written and the last one wasn't a newline, write a newline. * * Note that if the input data won't fit into one pipe buffer (2K * or 4K on most BSD systems), and the child doesn't read its stdin, * we would block here. thus we must fork again. */ if (*input_data && (stdinjob = fork()) == 0) { register FILE *out = fdopen(stdin_pipe[WRITE_PIPE], "w"); register int need_newline = FALSE; register int escaped = FALSE; register int ch; if (out == NULL) { warn("fdopen failed in child2"); _exit(ERROR_EXIT); } Debug(DPROC, ("[%d] child2 sending data to grandchild\n", getpid())) /* close the pipe we don't use, since we inherited it and * are part of its reference count now. */ close(stdout_pipe[READ_PIPE]); /* translation: * \% -> % * % -> \n * \x -> \x for all x != % */ while ((ch = *input_data++)) { if (escaped) { if (ch != '%') putc('\\', out); } else { if (ch == '%') ch = '\n'; } if (!(escaped = (ch == '\\'))) { putc(ch, out); need_newline = (ch != '\n'); } } if (escaped) putc('\\', out); if (need_newline) putc('\n', out); /* close the pipe, causing an EOF condition. fclose causes * stdin_pipe[WRITE_PIPE] to be closed, too. */ fclose(out); Debug(DPROC, ("[%d] child2 done sending to grandchild\n", getpid())) exit(0); } /* close the pipe to the grandkiddie's stdin, since its wicked uncle * ernie back there has it open and will close it when he's done. */ close(stdin_pipe[WRITE_PIPE]); /* * read output from the grandchild. it's stderr has been redirected to * it's stdout, which has been redirected to our pipe. if there is any * output, we'll be mailing it to the user whose crontab this is... * when the grandchild exits, we'll get EOF. */ Debug(DPROC, ("[%d] child reading output from grandchild\n", getpid())) /*local*/{ register FILE *in = fdopen(stdout_pipe[READ_PIPE], "r"); register int ch; if (in == NULL) { warn("fdopen failed in child"); _exit(ERROR_EXIT); } mail = NULL; ch = getc(in); if (ch != EOF) { Debug(DPROC|DEXT, ("[%d] got data (%x:%c) from grandchild\n", getpid(), ch, ch)) /* get name of recipient. this is MAILTO if set to a * valid local username; USER otherwise. */ if (mailto == NULL) { /* MAILTO not present, set to USER, * unless globally overriden. */ if (defmailto) mailto = defmailto; else mailto = usernm; } if (mailto && *mailto == '\0') mailto = NULL; /* if we are supposed to be mailing, MAILTO will * be non-NULL. only in this case should we set * up the mail command and subjects and stuff... */ if (mailto) { register char **env; auto char mailcmd[MAX_COMMAND]; auto char hostname[MAXHOSTNAMELEN]; if (gethostname(hostname, MAXHOSTNAMELEN) == -1) hostname[0] = '\0'; hostname[sizeof(hostname) - 1] = '\0'; (void) snprintf(mailcmd, sizeof(mailcmd), MAILARGS, MAILCMD); if (!(mail = cron_popen(mailcmd, "w", e, &mailpid))) { warn("%s", MAILCMD); (void) _exit(ERROR_EXIT); } if (mailfrom == NULL || *mailfrom == '\0') fprintf(mail, "From: Cron Daemon <%s@%s>\n", usernm, hostname); else fprintf(mail, "From: Cron Daemon <%s>\n", mailfrom); fprintf(mail, "To: %s\n", mailto); fprintf(mail, "Subject: Cron <%s@%s> %s\n", usernm, first_word(hostname, "."), e->cmd); # if defined(MAIL_DATE) fprintf(mail, "Date: %s\n", arpadate(&TargetTime)); # endif /* MAIL_DATE */ for (env = e->envp; *env; env++) fprintf(mail, "X-Cron-Env: <%s>\n", *env); fprintf(mail, "\n"); /* this was the first char from the pipe */ putc(ch, mail); } /* we have to read the input pipe no matter whether * we mail or not, but obviously we only write to * mail pipe if we ARE mailing. */ while (EOF != (ch = getc(in))) { bytes++; if (mail) putc(ch, mail); } } /*if data from grandchild*/ Debug(DPROC, ("[%d] got EOF from grandchild\n", getpid())) /* also closes stdout_pipe[READ_PIPE] */ fclose(in); } /* wait for children to die. */ if (jobpid > 0) { WAIT_T waiter; waiter = wait_on_child(jobpid, "grandchild command job"); /* If everything went well, and -n was set, _and_ we have mail, * we won't be mailing... so shoot the messenger! */ if (WIFEXITED(waiter) && WEXITSTATUS(waiter) == 0 && (e->flags & MAIL_WHEN_ERR) == MAIL_WHEN_ERR && mail) { Debug(DPROC, ("[%d] %s executed successfully, mail suppressed\n", getpid(), "grandchild command job")) kill(mailpid, SIGKILL); (void)fclose(mail); mail = NULL; } /* only close pipe if we opened it -- i.e., we're * mailing... */ if (mail) { Debug(DPROC, ("[%d] closing pipe to mail\n", getpid())) /* Note: the pclose will probably see * the termination of the grandchild * in addition to the mail process, since * it (the grandchild) is likely to exit * after closing its stdout. */ status = cron_pclose(mail); /* if there was output and we could not mail it, * log the facts so the poor user can figure out * what's going on. */ if (status) { char buf[MAX_TEMPSTR]; snprintf(buf, sizeof(buf), "mailed %d byte%s of output but got status 0x%04x\n", bytes, (bytes==1)?"":"s", status); log_it(usernm, getpid(), "MAIL", buf); } } } if (*input_data && stdinjob > 0) wait_on_child(stdinjob, "grandchild stdinjob"); } static WAIT_T wait_on_child(PID_T childpid, const char *name) { WAIT_T waiter; PID_T pid; Debug(DPROC, ("[%d] waiting for %s (%d) to finish\n", getpid(), name, childpid)) #ifdef POSIX while ((pid = waitpid(childpid, &waiter, 0)) < 0 && errno == EINTR) #else while ((pid = wait4(childpid, &waiter, 0, NULL)) < 0 && errno == EINTR) #endif ; if (pid < OK) return waiter; Debug(DPROC, ("[%d] %s (%d) finished, status=%04x", getpid(), name, pid, WEXITSTATUS(waiter))) if (WIFSIGNALED(waiter) && WCOREDUMP(waiter)) Debug(DPROC, (", dumped core")) Debug(DPROC, ("\n")) return waiter; } diff --git a/usr.sbin/cron/crontab/crontab.5 b/usr.sbin/cron/crontab/crontab.5 index 9943adfaf356..adc2b2b5ae95 100644 --- a/usr.sbin/cron/crontab/crontab.5 +++ b/usr.sbin/cron/crontab/crontab.5 @@ -1,373 +1,381 @@ .\"/* Copyright 1988,1990,1993,1994 by Paul Vixie .\" * All rights reserved .\" * .\" * Distribute freely, except: don't remove my name from the source or .\" * documentation (don't take credit for my work), mark your changes (don't .\" * get me blamed for your possible bugs), don't alter or remove this .\" * notice. May be sold if buildable source is provided to buyer. No .\" * warrantee of any kind, express or implied, is included with this .\" * software; use at your own risk, responsibility for damages (if any) to .\" * anyone resulting from the use of this software rests entirely with the .\" * user. .\" * .\" * Send bug reports, bug fixes, enhancements, requests, flames, etc., and .\" * I'll try to keep a version up to date. I can be reached as follows: .\" * Paul Vixie uunet!decwrl!vixie!paul .\" */ .\" .\" $FreeBSD$ .\" -.Dd September 24, 2019 +.Dd January 19, 2020 .Dt CRONTAB 5 .Os .Sh NAME .Nm crontab .Nd tables for driving cron .Sh DESCRIPTION A .Nm file contains instructions to the .Xr cron 8 daemon of the general form: ``run this command at this time on this date''. Each user has their own crontab, and commands in any given crontab will be executed as the user who owns the crontab. Uucp and News will usually have their own crontabs, eliminating the need for explicitly running .Xr su 1 as part of a cron command. .Pp Blank lines and leading spaces and tabs are ignored. Lines whose first non-space character is a pound-sign (#) are comments, and are ignored. Note that comments are not allowed on the same line as cron commands, since they will be taken to be part of the command. Similarly, comments are not allowed on the same line as environment variable settings. .Pp An active line in a crontab will be either an environment setting or a cron command. An environment setting is of the form, .Bd -literal name = value .Ed .Pp where the spaces around the equal-sign (=) are optional, and any subsequent non-leading spaces in .Em value will be part of the value assigned to .Em name . The .Em value string may be placed in quotes (single or double, but matching) to preserve leading or trailing blanks. The .Em name string may also be placed in quote (single or double, but matching) to preserve leading, trailing or inner blanks. .Pp Several environment variables are set up automatically by the .Xr cron 8 daemon. .Ev SHELL is set to .Pa /bin/sh , .Ev PATH is set to .Pa /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin , and .Ev LOGNAME and .Ev HOME are set from the .Pa /etc/passwd line of the crontab's owner. +In addition, the environment variables of the +user's login class, with the exception of +.Ev PATH , +will be set from +.Pa /etc/login.conf.db +and +.Pa ~/.login_conf . .Ev HOME , .Ev PATH and -.Ev SHELL +.Ev SHELL , +and any variables set from the login class, may be overridden by settings in the crontab; .Ev LOGNAME may not. .Pp (Another note: the .Ev LOGNAME variable is sometimes called .Ev USER on .Bx systems... On these systems, .Ev USER will be set also). .Pp In addition to .Ev LOGNAME , .Ev HOME , .Ev PATH , and .Ev SHELL , .Xr cron 8 will look at .Ev MAILTO if it has any reason to send mail as a result of running commands in ``this'' crontab. If .Ev MAILTO is defined (and non-empty), mail is sent to the user so named. If .Ev MAILFROM is defined (and non-empty), its value will be used as the from address. .Ev MAILTO may also be used to direct mail to multiple recipients by separating recipient users with a comma. If .Ev MAILTO is defined but empty (MAILTO=""), no mail will be sent. Otherwise mail is sent to the owner of the crontab. This option is useful if you decide on .Pa /bin/mail instead of .Pa /usr/lib/sendmail as your mailer when you install cron -- .Pa /bin/mail does not do aliasing, and UUCP usually does not read its mail. .Pp The format of a cron command is very much the V7 standard, with a number of upward-compatible extensions. Each line has five time and date fields, followed by a user name (with optional ``:'' and ``/'' suffixes) if this is the system crontab file, followed by a command. Commands are executed by .Xr cron 8 when the minute, hour, and month of year fields match the current time, .Em and when at least one of the two day fields (day of month, or day of week) matches the current time (see ``Note'' below). .Xr cron 8 examines cron entries once every minute. The time and date fields are: .Bd -literal -offset indent field allowed values ----- -------------- minute 0-59 hour 0-23 day of month 1-31 month 1-12 (or names, see below) day of week 0-7 (0 or 7 is Sun, or use names) .Ed .Pp A field may be an asterisk (*), which always stands for ``first\-last''. .Pp Ranges of numbers are allowed. Ranges are two numbers separated with a hyphen. The specified range is inclusive. For example, 8-11 for an ``hours'' entry specifies execution at hours 8, 9, 10 and 11. .Pp Lists are allowed. A list is a set of numbers (or ranges) separated by commas. Examples: ``1,2,5,9'', ``0-4,8-12''. .Pp Step values can be used in conjunction with ranges. Following a range with ``/'' specifies skips of the number's value through the range. For example, ``0-23/2'' can be used in the hours field to specify command execution every other hour (the alternative in the V7 standard is ``0,2,4,6,8,10,12,14,16,18,20,22''). Steps are also permitted after an asterisk, so if you want to say ``every two hours'', just use ``*/2''. .Pp Names can also be used for the ``month'' and ``day of week'' fields. Use the first three letters of the particular day or month (case does not matter). Ranges or lists of names are not allowed. .Pp The ``sixth'' field (the rest of the line) specifies the command to be run. One or more command options may precede the command to modify processing behavior. The entire command portion of the line, up to a newline or % character, will be executed by .Pa /bin/sh or by the shell specified in the .Ev SHELL variable of the cronfile. Percent-signs (%) in the command, unless escaped with backslash (\\), will be changed into newline characters, and all data after the first % will be sent to the command as standard input. .Pp The following command options can be supplied: .Bl -tag -width Ds .It Fl n No mail is sent after a successful run. The execution output will only be mailed if the command exits with a non-zero exit code. The .Fl n option is an attempt to cure potentially copious volumes of mail coming from .Xr cron 8 . .It Fl q Execution will not be logged. .El .sp Duplicate options are not allowed. .Pp Note: The day of a command's execution can be specified by two fields \(em day of month, and day of week. If both fields are restricted (ie, are not *), the command will be run when .Em either field matches the current time. For example, ``30 4 1,15 * 5'' would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday. .Pp Instead of the first five fields, a line may start with .Sq @ symbol followed either by one of eight special strings or by a numeric value. The recognized special strings are: .Bd -literal -offset indent string meaning ------ ------- @reboot Run once, at startup of cron. @yearly Run once a year, "0 0 1 1 *". @annually (same as @yearly) @monthly Run once a month, "0 0 1 * *". @weekly Run once a week, "0 0 * * 0". @daily Run once a day, "0 0 * * *". @midnight (same as @daily) @hourly Run once an hour, "0 * * * *". @every_minute Run once a minute, "*/1 * * * *". @every_second Run once a second. .Ed .Pp The .Sq @ symbol followed by a numeric value has a special notion of running a job that many seconds after completion of the previous invocation of the job. Unlike regular syntax, it guarantees not to overlap two or more invocations of the same job during normal cron execution. Note, however, that overlap may occur if the job is running when the file containing the job is modified and subsequently reloaded. The first run is scheduled for the specified number of seconds after cron is started or the crontab entry is reloaded. .Sh EXAMPLE CRON FILE .Bd -literal # use /bin/sh to run commands, overriding the default set by cron SHELL=/bin/sh # mail any output to `paul', no matter whose crontab this is MAILTO=paul # # run five minutes after midnight, every day 5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out 2>&1 # run at 2:15pm on the first of every month -- output mailed to paul 15 14 1 * * $HOME/bin/monthly # run at 10 pm on weekdays, annoy Joe 0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?% 23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday" 5 4 * * sun echo "run at 5 after 4 every sunday" # run at 5 minutes intervals, no matter how long it takes @300 svnlite up /usr/src # run every minute, suppress logging * * * * * -q date # run every minute, only send mail if ping fails * * * * * -n ping -c 1 freebsd.org .Ed .Sh SEE ALSO .Xr crontab 1 , .Xr cron 8 .Sh EXTENSIONS When specifying day of week, both day 0 and day 7 will be considered Sunday. .Bx and .Tn ATT seem to disagree about this. .Pp Lists and ranges are allowed to co-exist in the same field. "1-3,7-9" would be rejected by .Tn ATT or .Bx cron -- they want to see "1-3" or "7,8,9" ONLY. .Pp Ranges can include "steps", so "1-9/2" is the same as "1,3,5,7,9". .Pp Names of months or days of the week can be specified by name. .Pp Environment variables can be set in the crontab. In .Bx or .Tn ATT , the environment handed to child processes is basically the one from .Pa /etc/rc . .Pp Command output is mailed to the crontab owner .No ( Bx cannot do this), can be mailed to a person other than the crontab owner (SysV cannot do this), or the feature can be turned off and no mail will be sent at all (SysV cannot do this either). .Pp All of the .Sq @ directives that can appear in place of the first five fields are extensions. .Pp Command processing can be modified using command options. The .Sq -q option suppresses logging. The .Sq -n option does not mail on successful run. .Sh AUTHORS .An Paul Vixie Aq Mt paul@vix.com .Sh BUGS If you are in one of the 70-odd countries that observe Daylight Savings Time, jobs scheduled during the rollback or advance may be affected if .Xr cron 8 is not started with the .Fl s flag. In general, it is not a good idea to schedule jobs during this period if .Xr cron 8 is not started with the .Fl s flag, which is enabled by default. See .Xr cron 8 for more details. .Pp For US timezones (except parts of AZ and HI) the time shift occurs at 2AM local time. For others, the output of the .Xr zdump 8 program's verbose .Fl ( v ) option can be used to determine the moment of time shift.