cron

Manage cron on AIX, Solaris and RHEL

Geoff Williams

geoffwilliams

6,667 downloads

5,991 latest version

1.9 quality score

Version information

  • 0.1.3 (latest)
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Feb 14th 2017

Start using this module

Documentation

geoffwilliams/cron — version 0.1.3 Feb 14th 2017

Build Status

cron

Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality
  3. Reference - An under-the-hood peek at what the module is doing and how
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

This module manages file permissions for the cron daemon on RHEL, Solaris and AIX. On RHEL, anacron may also be installed.

Usage

cron::anacron

  • Install anacron
  • Manage permissions for:
    • /etc/anacrontab
include cron::anacron

cron::cron_allow_deny

  • Manage the permissions for:
    • cron.allow
  • Removes cron.deny
  • Authorises passed in list of users in cron.allow by ensuring that each user is present in the file (does not delete existing entries)
class {"cron::cron_allow_deny":
  allow_users => ['root', 'adm'],
}

cron::protect_config

  • Normally applies to modern RHEL cron daemons
  • Manage permissions for:
    • /etc/crontab
    • /etc/cron.hourly
    • /etc/cron.daily
    • /etc/cron.weekly
    • /etc/cron.monthly
    • /etc/cron.d
include cron::protect_config

cron::protect_log

  • Protect cron's log file by enforcing correct permissions
include cron::protect_log

cron::protect_spool

  • Protect cron's spool files and directories by enforcing correct permissions:
    • root's crontab restricted to 0700
    • All crontabs restricted to 0770
    • All crontabs owned by the correct group (root for RedHat and Solaris, cron on AIX)
include cron::protect_spool

cron::protect_var

  • Protect cron's /var directory by enforcing correct permissions (Solaris)
include cron::protect_var

Suggested per-OS usage

RHEL

include cron::anacron
include cron::protect_config
include cron::protect_log

Solaris

class {"cron::cron_allow_deny":
  allow_users => ['root'],
}include cron::protect_log
include cron::protect_var

AIX

class {"cron::cron_allow_deny":
  allow_users => ['root', 'adm'],
}
include cron::protect_log
include cron::protect_spool

Reference

Classes

  • cron::anacron Manage anacron package and permissons on anacrontab (RedHat)
  • cron::cron_allow_deny Control permissions and content on cron.allow/cron.deny (AIX, Solaris)
  • cron::params Params pattern
  • cron::protect_configs Protect configuration file permissions (RedHat)
  • cron::protect_log Protect the log file with correct permissions (RedHat, AIX, Solaris)
  • cron::protect_spool Protect the spool directories (RedHat, AIX, Solaris)
  • cron::protect_var Protect cron's directory under /var (Solaris)

Limitations

  • Assumes that cron itself is already installed
  • Does not attempt to manage the cron services
  • Not supported by Puppet, Inc.

Development

PRs accepted :)

Testing

This module supports testing using PDQTest.

Test can be executed with:

bundle install
bundle exec pdqtest all

See .travis.yml for a working CI example