Hi

Over the last day I've successfully configured a dynamic name server with bind . This is working, but I'm not convinced I've placed the scripts I've created in the best locations.

My home network connects to the internet via a netgear router. I've written a series of scripts that query the router for the ip address, query the dns server for ip address and if they don't match then send an update. Currently all my scripts sit in /root/ipupdate and all are owned by root. The primary script /root/ipupdate/update is kicked off by a cron job ever five minutes and is run as root.

Although this all works, it doesn't feel like I've got the most sensible set up in the world. I guess my questions are:

• Where should I place the scripts that do the work
• As non of the scripts need to be run as root, is it ok to run them as root? (I'm guessing not)
  (Which user should these scripts run as?)
• I'm placing the cron job in /etc/crontab, is this the best location for system admin tasks?

I've never totally understood the Linux file structure, which is why I tend to place everything in the home directory of the user I'm work as.

Apologies if this is in the wrong forum. As I think I'm asking a system/server administration question I thought this forums was the most appropriate. If there is a better forum, then please move this post.

This shouldn't be accessible to normal users so roots home dir is a perfectly valid location. If you created a script for anyone to use you'd probably want to put it under /usr/local/bin.

I'm not quite clear on the logic of your solution though, what's the purpose of the zone your dns server is hosting and is it internet facing ?

My though was that from a security standpoint any script that does not need root access should not be run as root. Problem is I don't know which user to run them as, or where to put them.

The set up is not important to my question, but for completeness, this is what I'm doing.

I have a vps on the internet running named that I use to host some sites.

I have a low spec centos web/ftp/mail development server sitting in the DMZ of my home network. When its finally configured correctly this will be shared between myself and I friend I work with. The machine used to live at his house, as he has a static IP address and I have a dynamic one, but as I'm the one more confident administering the server we decided to move it to my house and see if I could configure dynamic DNS using our VPS.
The scripts I'm asking about sit on the server at my home, kicked off by crond every five minutes and basically do the following:

1. user curl to access the admin interface to the netgear router to get the external ip address
2. use the 'host' command to get the ip address for our domain from the external dns serve
3. If my IP address is reassigned, then the two above ip's wont match. Then an nsupdate command is issued to set the new ip

Totally site / environment dependent. In the past, I've placed cronjob scripts in a few different locations, depending on use:

• /root/scripts
• /usr/local/bin
• /usr/local/deptscripts (for a large collection of scripts that logically go together)

You're correct. You should run your scripts with the least level of privilege required to do the job. (Select the user based on what the script is doing, and what permissions it needs. I have set up service accounts for exactly this sort of thing, when needed.)


As you know, you have at least three options:

1. /etc/crontab
2. /etc/cron.d
3. the user's crontab (usually in /var/spool/cron/, and edited using "crontab -e")

Your selection was not a bad one. Personally, I prefer to use /etc/cron.d to avoid cluttering up /etc/crontab. The user's crontab is also fine, but IMO it makes it easier to "forget" that you have cronjobs running for a particular user.

Read the manpages for hier(7). That may help, or it may further muddy the waters.

Thanks anomie, your response was really helpful.

I've read the man page for the file system hierarchy and it has answered some questions, but probably raised even more! I guess my main problem is that I don't fully understand what should go into the /usr directory and which system users have access to it.

Is the existence of the /usr directory a result of the common set up that *nix machines used to have? In that you would have a centralized server and group of machines that would connect to it. Then the individual user machines would only need enough file system to get them to boot (/bin and /sbin), but once they were booted, they could mount the /usr directory to get at the other software they needed from (/usr/bin and /usr/sbin). Have I got that totally wrong?

I feel that if I were to scatter scripts into /usr/bin that it would be a maintenance nightmare, so even though I only have four scripts, is there a good reason that I shouldn't put them into a project subdirectory of /usr/bin?

The thing I'm now most unsure of is the user to add to execute these scripts. With the command:
am I correct in thinking that this will create a new user called ipupdate, with no home directory and that does not have a shell loging? Can I use such a user to execute the ip update scripts I've described above? Is this the most appropriate user to create?

Thanks again for the help.

The difficulty with Linux sometimes is understanding that this is often (always) more than one correct way to get the job done.

With regards to file locations most are just conventions, which, over time are changed depending on either the distribution or other factors.

For instance, a shell script you write to do system administration tasks could be located anywhere really depending on which convention you want to use, system administrators that previously worked on unix systems might have stuck to the conventions that particular operating system had because that's what they were used to, so you might find a linux system that was built by an old school unix admin who would put all his shell scripts into /usr/local/bin but it doesn't meant that's where they have to go.

A more commonly adopted standard for the file system layout is the LSB (Linux Standard Base) have a look at this link. http://en.wikipedia.org/wiki/Filesys...archy_Standard

In regards to your original question, once you decide where you want to put the script. Make sure the user you created can access it and the file has the correct permissions. Then use the root account to edit the crontab file for that user.