Im hoping someone on here can help me with this issue im having as i have tried loads of things and i cant seem to come up with a solution.
I have a CentOS box running Apache webserver with PHP thats non public facing.
I have written some PHP webpages to allow a user to create a script after they input the variables and it will run every X minutes (user input).
Now , all of this runs perfectly , the script gets created , all settings are correct , but the one problem im having is that i need to add it as a cronjob and have it removable again if required.
I have the webpage capable to editing /etc/crontab , but in order to do this /etc/crontab has to be set ot 0660 (anything group writable) but i have discovered that for cron to work , it needs to be non writable for groups and have the owner root.
I have tried creating a crontab for apache , but have discovered that its not editable using normal ways and needs the crontab -e command to edit it , which the webpage cant do.
I have tried setting apache up as root and that lead to lots of other issues - security doesnt like that it seems
In brief , crontab set to 0660 means all editing works perfectly but cron wont run , 0640 means not editable but the cronjobs run.
is there a way to fix it so that i can keep the cronjobs running but still edit /etc/crontab , or get a working cron for apache and a way to edit it ? the user cons are in /etc/spool/cron/apache
Thanks if anyone can help.
Is it not possible to set up a cron job that calls out to another script, one that has the right permissions attached? As it's not a public-facing server you could fix the permissions on that file by setting the sticky bit. You could then edit the target script rather than the cron files.
Thanks for the reply roscoff.
The webpage creates a perl script that logs into a cisco router once the user puts in its username , password , ip address , enable pass and reload time.
It does this for 100's of different IP's when required ( i work for a business based ISP ) so that if the router starts to lock up , we can have it reload in X minutes and if not , the script will log in and start the timer again.
Anyway , each login requires a different set of information and times so the cron times are different per site which is why i wanted the webpage to edit the crontab and set a time based on that ip address
for example :
ip_address_1 --> log in every 10 minutes using Ip_address_1 script
ip_address_2 --> log in every 50 minutes using IP_address_2 script
and so on.
Its so close to working, but yet it wont which is why its so annoying - and its just the permissions thing thats stopping it , but an alternative might be the way to go on this alright, though i dont see it being as flexible as the current version.
If you insist on having your webserver edit /etc/crontab directly, then maybe you create a script whose sole job is to do that. It would take the necessary parameters (time, ip addr, etc.) as command line args. Then add a sudo entry for apache to be able to call the script, so that root is the only one doing the editing and perms should be okay.
Now your web page just has to make a 'sudo /path/to/crontab-modifier.sh' call. Would that work?
@atreyu, that might actually work and my head was so muddled i didnt even think of doing it like that - thanks a million for the input , much appreciated !!
Ill let you know how i get on !