1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
.\"/* Copyright 1988,1990,1993,1994 by Paul Vixie
.\" * All rights reserved
.\" */
.\"
.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: crontab.5,v 1.6 2004/01/23 19:03:33 vixie Exp $
.\"
.TH CRONTAB 5 2012-11-22 "cronie" "File Formats"
.SH NAME
crontab \- files used to schedule the execution of programs
.SH DESCRIPTION
A
.I crontab
file contains instructions for the
.BR cron (8)
daemon in the following simplified manner: "run this command at this time
on this date". Each user can define their own crontab. Commands defined
in any given crontab are executed under the user who owns that particular
crontab. Uucp and News usually have their own crontabs, eliminating the
need for explicitly running
.BR su (1)
as part of a cron command.
.PP
Blank lines, leading spaces, and tabs are ignored. Lines whose first
non-white space character is a pound-sign (#) are comments, and are not
processed. Note that comments are not allowed on the same line as cron
commands, since they are considered a part of the command. Similarly,
comments are not allowed on the same line as environment variable
settings.
.PP
An active line in a crontab is either an environment setting or a cron
command. An environment setting is of the form:
.PP
name = value
.PP
where the white spaces around the equal-sign (=) are optional, and any
subsequent non-leading white spaces in
.I value
is a part of the value assigned to
.IR name .
The
.I value
string may be placed in quotes (single or double, but matching) to
preserve leading or trailing white spaces.
.PP
Several environment variables are set up automatically by the
.BR cron (8)
daemon.
.I SHELL
is set to /bin/sh, and
.I LOGNAME
and
.I HOME
are set from the /etc/passwd line of the crontab\'s owner.
.I HOME
and
.I SHELL
can be overridden by settings in the crontab; LOGNAME can not.
.PP
(Note: the
.I LOGNAME
variable is sometimes called
.I USER
on BSD systems and is also automatically set).
.PP
In addition to
.IR LOGNAME ,
.IR HOME ,
and
.IR SHELL ,
.BR cron (8)
looks at the
.I MAILTO
variable if a mail needs to be send as a result of running any commands
in that particular crontab. If
.I MAILTO
is defined (and non-empty), mail is sent to the specified address. If
.I MAILTO
is defined but empty
.RI ( MAILTO="" ),
no mail is sent. Otherwise, mail is sent to the owner of the crontab.
This option is useful if you decide to use /bin/mail instead of
/usr/lib/sendmail as your mailer. Note that /bin/mail does not provide
aliasing and UUCP usually does not read its mail. If
.I MAILFROM
is defined (and non-empty), it is used as the envelope sender address,
otherwise, ``root'' is used.
.PP
(Note: Both
.I MAILFROM
and
.I MAILTO
variables are expanded, so setting them as in the following example works as expected: MAILFROM=cron-$USER@cron.com ($USER is replaced by the system user) )
.PP
By default, cron sends a mail using the 'Content-Type:' header
of 'text/plain' with the 'charset=' parameter set to the 'charmap/codeset'
of the locale in which
.BR crond (8)
is started up, i.e., either the default system locale, if no LC_*
environment variables are set, or the locale specified by the LC_*
environment variables (see
.BR locale (7)).
Different character encodings can be used for mailing cron job outputs by
setting the
.I CONTENT_TYPE
and
.I CONTENT_TRANSFER_ENCODING
variables in a crontab to the correct values of the mail headers of those
names.
.PP
The
.I CRON_TZ
variable specifies the time zone specific for the cron table. The user
should enter a time according to the specified time zone into the table.
The time used for writing into a log file is taken from the local time
zone, where the daemon is running.
.PP
The
.I MLS_LEVEL
environment variable provides support for multiple per-job SELinux
security contexts in the same crontab. By default, cron jobs execute
with the default SELinux security context of the user that created the
crontab file. When using multiple security levels and roles, this may
not be sufficient, because the same user may be running in different
roles or in different security levels. For more information about roles
and SELinux MLS/MCS, see
.BR selinux (8)
and the crontab example mentioned later on in this text. You can set the
.I MLS_LEVEL
variable to the SELinux security context string specifying the particular
SELinux security context in which you want jobs to be run.
.B crond
will then set the execution context of those jobs that meet the
specifications of the particular security context. For more information,
see
.BR crontab (1)\ -s\ option.
.PP
The
.I RANDOM_DELAY
variable allows delaying job startups by random amount of minutes with
upper limit specified by the variable. The random scaling factor is
determined during the cron daemon startup so it remains constant for
the whole run time of the daemon.
.PP
The format of a cron command is similar to the V7 standard, with a number
of upward-compatible extensions. Each line has five time-and-date fields
followed by a
.BR user name
(if this is the
.BR system
crontab file), and followed by a command. Commands are executed by
.BR cron (8)
when the 'minute', 'hour', and 'month of the year' fields match the
current time,
.I and
at least one of the two 'day' fields ('day of month', or 'day of week')
match the current time (see "Note" below).
.PP
Note that this means that non-existent times, such as the "missing hours"
during the daylight savings time conversion, will never match, causing
jobs scheduled during the "missing times" not to be run. Similarly,
times that occur more than once (again, during the daylight savings time
conversion) will cause matching jobs to be run twice.
.PP
.BR cron (8)
examines cron entries every minute.
.PP
The time and date fields are:
.IP
.ta 1.5i
field allowed values
.br
----- --------------
.br
minute 0-59
.br
hour 0-23
.br
day of month 1-31
.br
month 1-12 (or names, see below)
.br
day of week 0-7 (0 or 7 is Sunday, or use names)
.br
.PP
A field may contain an asterisk (*), which always stands for
"first\-last".
.PP
Ranges of numbers are allowed. Ranges are two numbers separated with a
hyphen. The specified range is inclusive. For example, 8-11 for
an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first
number must be less than or equal to the second one.
.PP
Randomization of the execution time within a range can be used.
A random number within a range specified as two numbers separated with
a tilde is picked. The specified range is inclusive.
For example, 6~15 for a 'minutes' entry picks a random minute
within 6 to 15 range. The random number is picked when crontab file is parsed.
The first number must be less than or equal to the second one. You might omit
one or both of the numbers specifying the range. For example, ~ for a 'minutes'
entry picks a random minute within 0 to 59 range.
.PP
Lists are allowed. A list is a set of numbers (or ranges) separated by
commas. Examples: "1,2,5,9", "0-4,8-12".
.PP
Step values can be used in conjunction with ranges. Following a range
with "/<number>" specifies skips of the number's value through the range.
For example, "0-23/2" can be used in the 'hours' field to specify command
execution for every other hour (the alternative in the V7 standard is
"0,\:2,\:4,\:6,\:8,\:10,\:12,\:14,\:16,\:18,\:20,\:22"). Step values are
also permitted after an asterisk, so if specifying a job to be run every
two hours, you can use "*/2".
.PP
Names can also be used for the 'month' and 'day of week' fields. Use the
first three letters of the particular day or month (case does not
matter). Ranges and lists of names are allowed. Examples: "mon,wed,fri",
"jan-mar".
.PP
If the UID of the owner is 0 (root), the first character of a crontab
entry can be "-" character. This will prevent cron from writing a syslog
message about the command being executed.
.PP
The "sixth" field (the rest of the line) specifies the command to be run.
The entire command portion of the line, up to a newline or a "%"
character, will be executed by /bin/sh or by the shell specified in the
SHELL variable of the cronfile. A "%" character in the command, unless
escaped with a backslash (\\), will be changed into newline characters,
and all data after the first % will be sent to the command as standard
input.
.PP
Note: The day of a command's execution can be specified in the following
two fields \(em 'day of month', and 'day of week'. If both fields are
restricted (i.e., do not contain the "*" character), the command will be
run when
.I either
field matches the current time. For example,
.br
"30 4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and
15th of each month, plus every Friday.
.PP
A crontab file syntax can be tested before an install using the -T option. See
.BR crontab (1)
for details.
.SH EXAMPLE CRON FILE
.nf
# use /bin/sh to run commands, no matter what /etc/passwd says
SHELL=/bin/sh
# mail any output to `paul', no matter whose crontab this is
MAILTO=paul
#
CRON_TZ=Japan
# run five minutes after midnight, every day
5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month -- output mailed to paul
15 14 1 * * $HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday"
5 4 * * sun echo "run at 5 after 4 every sunday"
.fi
.SH Jobs in /etc/cron.d/
The jobs in
.I cron.d
and
.I /etc/crontab
are system jobs, which are used usually for more than one user, thus,
additionally the username is needed. MAILTO on the first line is
optional.
.SH EXAMPLE OF A JOB IN /etc/cron.d/job
.nf
#login as root
#create job with preferred editor (e.g. vim)
MAILTO=root
* * * * * root touch /tmp/file
.fi
.SH SELinux with multi level security (MLS)
In a crontab, it is important to specify a security level by
.I crontab \-s
or specifying the required level on the first line of the crontab. Each
level is specified in
.IR /etc/selinux/targeted/seusers .
When using crontab in the MLS mode, it is especially important to:
.br
- check/change the actual role,
.br
- set correct
.I role for
.IR directory ,
which is used for input/output.
.SH EXAMPLE FOR SELINUX MLS
.nf
# login as root
newrole -r sysadm_r
mkdir /tmp/SystemHigh
chcon -l SystemHigh /tmp/SystemHigh
crontab -e
# write in crontab file
MLS_LEVEL=SystemHigh
0-59 * * * * id -Z > /tmp/SystemHigh/crontest
.fi
.SH FILES
.I /etc/crontab
main system crontab file.
.I /var/spool/cron/
a directory for storing crontabs defined by users.
.I /etc/cron.d/
a directory for storing system crontabs.
.SH "SEE ALSO"
.BR cron (8),
.BR crontab (1)
.SH EXTENSIONS
These special time specification "nicknames" which replace the 5 initial
time and date fields, and are prefixed with the '@' character, are
supported:
.PP
.nf
@reboot : Run once after reboot.
@yearly : Run once a year, ie. "0 0 1 1 *".
@annually : Run once a year, ie. "0 0 1 1 *".
@monthly : Run once a month, ie. "0 0 1 * *".
@weekly : Run once a week, ie. "0 0 * * 0".
@daily : Run once a day, ie. "0 0 * * *".
@hourly : Run once an hour, ie. "0 * * * *".
.fi
.SH CAVEATS
.BR crontab
files have to be regular files or symlinks to regular files, they must
not be executable or writable for anyone else but the owner. This
requirement can be overridden by using the
.B \-p
option on the crond command line. If inotify support is in use, changes
in the symlinked crontabs are not automatically noticed by the cron
daemon. The cron daemon must receive a SIGHUP signal to reload the
crontabs. This is a limitation of the inotify API.
.PP
cron requires that each entry in a crontab end in a newline character. If the
last entry in a crontab is missing a newline (i.e.\& terminated by EOF),
cron will consider the crontab (at least partially) broken.
A warning will be written to syslog.
.SH AUTHOR
.MT vixie@isc.org
Paul Vixie
.ME
|