LINUX+ LAB SERIES (LX0-102)

Lab 5: crontab and at

Document Version: 2015-04-30

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise
noted, is licensed under the Creative Commons Attribution 3.0 Unported License.
Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training
(TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an
entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College
of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah.
This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration.
The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The
Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such
information, including any information on linked sites, and including, but not limited to accuracy of the information or its
completeness, timeliness, usefulness, adequacy, continued availability or ownership.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Contents
Introduction ........................................................................................................................ 2
Objective ............................................................................................................................. 2
Linux+ LX0-102 Exam Objectives ........................................................................................ 3
Lab Topology ....................................................................................................................... 4
Lab Settings ......................................................................................................................... 5
1 Scheduling Processes with the at Command .............................................................. 6
2 Controlling Access to the at Command .................................................................... 11
3 Scheduling Processes with the crontab Command .................................................. 12
4 Controlling Access to the crontab Command ........................................................... 15
5 Exploring System crontabs ........................................................................................ 17

1
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Introduction
This lab provides guidance on performing Lab 5: crontab and at of the Linux+ LX0-102
course, using a NETLAB+ system. By performing this lab, students will learn how to
schedule processes to execute in the future using the at and crontab commands.

Objective
The following tasks will be performed:
1.
2.
3.
4.
5.

Learn how to schedule future tasks with the at command.

Limit access to the at command.
Learn how to schedule future recurring tasks with the crontab command.
Limit access to the crontab command.
Manage system crontabs.

2
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Linux+ LX0-102 Exam Objectives

This lab will cover the topics for the following LX0-102 objectives:
107.2 Automate system administration tasks by scheduling jobs
1. Manage cron and at jobs.
2. Configure user access to cron and at services.
The following is a partial list of the used files, terms, and utilities:
a. /etc/cron.d{daily,hourly,monthly,weekly}
b. /etc/at.deny
c. /etc/at.allow
d. /etc/crontab
e. /etc/cron.allow
f. /etc/cron.deny
g. /var/spool/cron/*
h. crontab
i. at
j. atq
k. atrm

3
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Lab Topology

4
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Lab Settings
The information in the table below will be used to complete the lab. Additional details
will be provided within the task sections as required.
System

Username/Password

CentOS Server

sysadmin/netlab123

Ubuntu Server

sysadmin/netlab123

Fedora Workstation

sysadmin/netlab123

Ubuntu Workstation

sysadmin/netlab123

All Machines

root/netlab123

5
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Scheduling Processes with the at Command

There are circumstances where you may want to schedule a time in the future for a
process to run. For instance, you might want to run the who command at 2AM to see
who is logged on the system at this time.
If you only want to run a command (or set of commands) one time in the future, you can
use the at command to schedule this.
1. Click on the Fedora Workstation icon in the pod topology to launch the virtual
machine.

2. The virtual machine will display a login screen. Make sure sysadmin is in the
user field. Enter the password netlab123 and press Enter.

6
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

3. Once you have logged in, a terminal window may appear. If it does not, click on
the Kickoff Application Launcher, the f, in the lower left corner of the desktop.
In the search bar, type konsole and click on Konsole, which will launch a
terminal window:

7
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

4. Switch to the root user in the terminal window that opens:

su netlab123

5. Run the following commands to schedule the who command to run at 2AM the
following morning. Note that where you see <EOT> (in the screenshot below)
you will be typing Control-D (^D):
at 2AM
at> who > /tmp/whothere
at> ^D

Your output should be similar to the following:

Note that if you do not redirect the output of at commands, the output will be emailed
to you.

8
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

6. The at command provides a very flexible system for specifying what time to run
the command(s). Execute the following command and scroll down to read how
to specify times:
man at

Your output should be similar to the following:

7. To see the at jobs that are scheduled for your account, use the atq command:
atq

Your output should be similar to the following:

9
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

8. To remove an at job from the queue, use the atrm command as show below:
atq
atrm 1
atq

Your output should be similar to the following:

10
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Controlling Access to the at Command

1. To disallow access to the at command, add the user name to the /etc/at.deny
file. Each line in this file should contain a single user name. In this case, open
the /etc/at.deny file in the editor of your choice and add the following line:
sysadmin

Your output should be similar to the following:

2. To verify, exit from the root shell back to the sysadmin account and attempt to
run the following at command:
exit
at 2AM

Your output should be similar to the following:

You could also make use of the /etc/at.allow file (which does not exist by default). If
you create an /etc/at.allow file, then only the users listed in this file will be able to
use the at command (the /etc/at.deny file will now be ignored).
An empty /etc/at.deny file means all users can use the at command. If you delete
both the /etc/at.deny and /etc/at.allow file, then only root can use the at
command.

11
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Scheduling Processes with the crontab Command

1. To schedule a process to execute on a routine basis, use the crontab command.
This command will bring you into an editor to edit your crontab file. Each line in
the crontab file will contain 6 fields, separated by white-space. The first 5 fields
describe the time to run the command and the last field is the command to run.
To review the format of the time fields, run the following command and then
scroll down:

man 5 crontab

Your output should be similar to the following:

2. As the sysadmin user, execute the following command to enter the crontab
editor:
crontab -e

3. Optional step: By default, the crontab command uses the vi editor to modify
the crontab file. If you would rather use a different editor, like gedit, you could
now quit the vi editor by typing :q and then type the following commands:
export EDITOR=gedit
crontab -e

This example will not work in the lab environment, as gedit is not installed but is provided to
demonstrate the ability to change the editor.

4. After opening the editor, add the following line to execute the who command
every Sunday night at 2AM:
0 2 * * 0 who >> /tmp/whothere

12
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

5. After verifying your work, exit the editor. To verify that the crontab file was
successfully modified, type the following in the command line:
crontab -l

Your output should be similar to the following:

If you make a mistake, you will get an error message like the following:

To fix your mistake, type y and then press the Enter key. You will be placed back
into the editor.

13
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

6. Note that the actual crontab file is stored in /var/spool/cron, a directory that
regular users can't access directly. Verify this by running the following
commands:
ls /var/spool/cron
su - root
netlab123
ls /var/spool/cron
cat /var/spool/cron/sysadmin
exit

Your output should be similar to the following:

7. If you want to modify your crontab file or add more entries, use the crontab e command again. In this case we are going to remove the entire crontab, so
execute the following commands:
crontab -l
crontab -r
crontab -l

Your output should be similar to the following:

14
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Controlling Access to the crontab Command

1. As a superuser, you can specify who can or cannot use the crontab command.
First, execute the following to switch to the root account:

su
netlab123

2. To disallow access to the crontab command, add a user name to the

/etc/cron.deny file. Each line in this file should contain a single user name. In
this case, open the /etc/cron.deny file in the editor of your choice and add the
following line:
sysadmin

Your output should be similar to the following:

15
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

3. To verify, exit from the root shell back to the sysadmin account and attempt to
run the following crontab command:
exit
crontab -e

Your output should be similar to the following:

You could also make use of the /etc/cron.allow file (which does not exist by default).
If you create an /etc/cron.allow file, then only the users listed in this file will be able
to use the crontab command (the /etc/cron.deny file will now be ignored).
An empty /etc/cron.deny file means all users can use the crontab command. If you
delete both the /etc/cron.deny and /etc/cron.allow file, then only root can use the
crontab command.

16
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

Exploring System crontabs

There are several maintenance tasks that need to be performed on a regular basis in
order for the operating system and associated processes to stay in "good health". These
tasks are not necessarily associated with any single user, so instead of creating a
crontab file for a specific user, these tasks are placed into the /etc/crontab file or in
files in the /etc/cron.d directory.
1. The default /etc/crontab file only contains basic variable setting and comments.
Switch to the root account and view the /etc/crontab file:
su
netlab123

cat /etc/crontab

17
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

2. Notice that there is "extra" field in this crontab file that was not in a regular
user's crontab file: the user-name to run the command as. Use an editor of
your choice to add the following line at the bottom of the /etc/crontab file:
0 2 * * 0 root who >> /tmp/whothere

Your output should be similar to the following:

3. To enable this, you may need to reboot (not ideal) or restart the crond service.
Execute the following command to restart the crond service:
service crond restart

Your output should be similar to the following:

18
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

4. The crond daemon also looks in the /etc/cron.d directory for additional
crontab files. These are internally "merged" together by the crond daemon
with the /etc/crontab. Typically, these files are placed in this directory by
software vendors who need to schedule regular processes. As an example, run
the following commands to view the /etc/cron.d/smolt file:
ls /etc/cron.d
cat /etc/cron.d/smolt

Your output should be similar to the following:

Note that as the superuser, you rarely need to administer the files in /etc/cron.d.
However, you should be aware of what they contain as they could pose a potential
security risk.

19
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Linux+ Lab Series (LX0-102) Lab 5: crontab and at

5. The crond daemon also looks in the following directories: /etc/cron.hourly,

/etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly. These
directories contain scripts (typically BASH shell scripts) that are run on a regular
basis. For example, the scripts in /etc/cron.hourly are executed once an hour.
As an example, look at the /etc/cron.daily/tmpwatch file by executing the
following commands:
ls /etc/cron.daily
cat /etc/cron.daily/tmpwatch

Your output should be similar to the following:

In this example, the /etc/cron.daily/tmpwatch script runs a binary command,

which is also called tmpwatch. The purpose of this command is to routinely
delete temporary files from directories like /tmp and /var/tmp.
Note that as the superuser, you rarely need to administer the files in these directories.
These scripts are typically placed here during software installed by vendors who need
tasks to be executed on a regular basis. However, you should be aware of what they
contain as they could pose a potential security risk.
6. Click the X in the upper-right corner to close the terminal window.
7. Close the Fedora Workstation remote pc window.
8. Click the Im Done button to end the reservation.

20
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where
otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.