adding a job to crontab via shell script
 

hi all,
im not that what someone calls a shell guru , not to say i suck at shell scripting ;)
but i m in need of some info about the following:

is it possible to add a job to crontab with a shell script?
i want to have a user configure some things through a webfrontend, php generates some required files and finally a shell script, triggered by php, adds a new line to crontab.
is this black magic or is it that im lame?

any help is welcome, thanks

tazio

I guess you could, but it's an ugly way to use cron IMHO. :)

Just append the line you want to add to /var/spool/cron/crontabs/$USER. The location of the users' crontabs may be different on your distro (I run Debian).

You would need to make sure the user Apache runs as has write access to the crontab(s) you wish to alter, but keep in mind this is *extremely* bad security-wise. Someone could add whatever commands they want to your crontab if you're not extremely cautious and know exactly what you're doing.

Håkan

from the manual I see some interesting options:

If you run crontab -l, the contents of the crontab is returned. After adding a line, and return it to "crontab -", you've modified the crontab.

I haven't tested this, but these lines might work:

this is not black magic :D some shell powers really make Linux feel like magic to me... and this is all reality :p

How would that work when Apache (which runs PHP, which in turns executes the shell script) doesn't run as the user who owns the crontab you wish to edit? Using expect and using su and the root password in the script wouldn't be good at all.

I'd rather add the Apache user to the crontab group, but I don't know what's worse security-wise.

Håkan

thanks. ...and I'm a little amazed; you've posted your reply in a few seconds, while I was editing my post :)


does anyone know btw how to start a script as a different user then 'httpd'? I'm still obsessed with running fetchmail from a PHP or CGI script.

Now we're crossposting. I replied, reread your reply and then changed my post. And now I'll try to find out a better solution. :)

Håkan

thanks for the quick answers!
yes im aware of the security aspects, its just the beginning of a project and i have to think about many many many things ;)
this machine wouldnt be accessible from the net, just one or two persons have acces to this machine and the main reason is to edit some timetable of on or two cronjobs...
so they cant put theyre own commands into this file, only the time when a job should start should be edited.

so now i start trying to f*ck things up :)

thanks

tazio

yup. that wasn't really smart :p we shouldn't edit our posts that much :)

But a solution I was looking for is something like 'suexec' (haven't tried that one though yet).. ie a program that changes to another user, and executes the command.

To switch to another user, you need to become root first. A suid-root program like 'su', or 'suexec' does this. If you call "su <otheruser>", it simply changes directly to another user environment ;)