So how about this idea?
I'm using PHPList to send newsletters and have to uncomment the cronjob when I'm ready have a new one processed. So I wrote a function that gets a copy of the current crontab.
exec("crontab -l", $crontab);
Then it searches for the PHPList cronjob, and checks to see if it's commented out. The program edits the copy of the crontab (commenting the cronjob if it's uncommented, or vice versa), and then saves the copy to a temp file and adds that as the new crontab.
Works fine when I run it from the commandline as my personal user, but when I try to run it from the web page, it fails. When I run it from a web page, it's running under the 'apache' user, right? So maybe that user doesn't have permission to run crontab? Or maybe it's trying to get the crontab for 'apache' instead of my user?
And how safe is it to be running this kind of thing on the web anyway? The only link to this program would be from within PHPList which does some user authentication. And I don't use any user data in the exec() function. So I'm fine.. right?