Commit | Line | Data |
---|---|---|
693d8207 GR |
1 | Vixie Cron Changes from V2 to V3 |
2 | Paul Vixie | |
3 | 29-Dec-1993 | |
4 | ||
5 | The crontab command now conforms to POSIX 1003.2. This means that when you | |
6 | install it, if you have any "crontab" command lines floating around in shell | |
7 | scripts (such as /etc/rc or /etc/rc.local), you will need to change them. | |
8 | ||
9 | I have integrated several changes made by BSDi for their BSD/386 operating | |
10 | system; these were offerred to me before I started consulting for them, so | |
11 | it is safe to say that they were intended for publication. Most notably, | |
12 | the name of the cron daemon has changed from "crond" to "cron". This was | |
13 | done for compatibility with 4.3BSD. Another change made for the same reason | |
14 | is the ability to read in an /etc/crontab file which has an extra field in | |
15 | each entry, between the time fields and the command. This field is a user | |
16 | name, and it permits the /etc/crontab command to contain commands which are | |
17 | to be run by any user on the system. /etc/crontab is not "installed" via | |
18 | the crontab(1) command; it is automatically read at startup time and it will | |
19 | be reread whenever it changes. | |
20 | ||
21 | I also added a "-e" option to crontab(1). Nine people also sent me diffs | |
22 | to add this option, but I had already implemented it on my own. I actually | |
23 | released an interrim version (V2.2, I think) for limited testing, and got a | |
24 | chance to fix a bad security bug in the "-e" option thanks to XXX. | |
25 | ||
26 | The daemon used to be extraordinarily sloppy in its use of file descriptors. | |
27 | A heck of a lot of them were left open in spawned jobs, which caused problems | |
28 | for the daemon and also caused problems with the spawned jobs if they were | |
29 | shell scripts since "sh" and "csh" have traditionally used hidden file | |
30 | descriptors to pass information to subshells, and cron was causing them to | |
31 | think they were subshells. If you had trouble with "sh" or "csh" scripts in | |
32 | V2, chances are good that V3 will fix your problems. | |
33 | ||
9a6196c8 NW |
34 | About a dozen people have reminded me that I forgot to initialize |
35 | "crontab_fd" in database.c. Keith Cantrell was the first, so he gets the | |
36 | point. | |
37 | ||
38 | Steve Simmons reminded me that once an account has been deleted from the | |
39 | system, "crontab -u USER -d" will not work. My solution is to suggest to | |
40 | all of you that before you delete a user's account, you first delete that | |
41 | user's crontab file if any. From cron's point of view, usernames can never | |
42 | be treated as arbitrary strings. Either they are valid user names, or they | |
43 | are not. I will not make an exception for the "-d" case, for security | |
44 | reasons that I consider reasonable. It is trivial for a root user to delete | |
45 | the entry by hand if necessary. | |
46 | ||
47 | Dan O'Neil reminded me that I forgot to reset "log_fd" in misc.c. A lot of | |
48 | others also reminded me of this, but Dan gets the point. I didn't fix it | |
49 | there, since the real bug was that it should have been open in the parent. | |
50 | ||
51 | Peter Kabal reminded me that I forgot to "#ifdef DEBUGGING" some code in | |
52 | misc.c. Hans Trompert actually told me first, but Peter sent the patch so | |
53 | he gets the point. | |
693d8207 GR |
54 | |
55 | Russell Nelson told me that I'd forgotten to "#include <syslog.h>" in misc.c, | |
9a6196c8 NW |
56 | which explains why a lot of other people complained that it wasn't using |
57 | syslog even when they configured it that way :-). Steve Simmons told me | |
58 | first, though, so he gets the point. | |
693d8207 | 59 | |
9a6196c8 NW |
60 | An interrim version of the daemon tried to "stat" every file before |
61 | executing it; this turned out to be a horribly bad idea since finding the | |
62 | name of a file from a shell command is a hard job (that's why we have | |
63 | shells, right?) I removed this bogus code. Dave Burgess gets the point. | |
693d8207 GR |
64 | |
65 | Dennis R. Conley sent a suggestion for MMDF systems, which I've added to the | |
66 | comments in cron.h. | |
67 | ||
9a6196c8 NW |
68 | Mike Heisler noted that I use comments in the CONVERSION file which are |
69 | documented as illegal in the man pages. Thanks, Mike. | |
70 | ||
71 | Irving Wolfe sent me some very cheerful changes for a NeXT system, but I | |
72 | consider the system itself broken and I can't bring myself to #ifdef for | |
73 | something as screwed up as this system seems to be. However, various others | |
74 | did send me smaller patches which appear to have cause cron to build and run | |
75 | correctly on (the latest) NeXT machines, with or without the "-posix" CFLAG. | |
76 | Irving also asked for a per-job MAILTO, and this was finally added later when | |
77 | I integrated the BSD/386 changes contributed by BSDi, and generalized some of | |
78 | the parsing. | |
79 | ||
80 | Lots of folks complained that the autogenerated "Date:" header wasn't in | |
81 | ARPA format. I didn't understand this -- either folks will use Sendmail and | |
82 | not generate a Date: at all (since Sendmail will do it), or folks will use | |
83 | something other than Sendmail which won't care about Date: formats. But | |
84 | I've "fixed" it anyway... | |
693d8207 GR |
85 | |
86 | Several people suggested that "*" should be able to take a "/step". One person | |
87 | suggested that "N/step" ought to mean "N-last/step", but that's stretching things | |
88 | a bit far. "*/step" seems quite intuitive to me, so I've added it. Colin Plumb | |
89 | sent in the first and most polite request for this feature. | |
90 | ||
91 | As with every release of Cron, BIND, and seemingly everything else I do, one | |
92 | user stands out with the most critical but also the most useful analysis. | |
93 | Cron V3's high score belongs to Peter Holzer, who sent in the nicest looking | |
94 | patch for the "%" interpretation problem and also helped me understand a | |
95 | tricky bit of badness in the "log_fd" problem. | |
96 | ||
97 | agulbra@flode.nvg.unit.no wins the honors for being the first to point out the | |
98 | nasty security hole in "crontab -r". 'Nuff said. | |
99 | ||
100 | Several folks pointed out that log_it() needed to exist even if logging was | |
101 | disabled. Some day I will create a tool that will compile a subsystem with | |
102 | every possible combination and permutation of #ifdef options, but meanwhile | |
103 | thanks to everybody. | |
104 | ||
105 | job_runqueue() was using storage after freeing it, since Jordan told me back | |
106 | in 1983 that C let you do that, and I believed him in 1986 when I wrote all | |
107 | this junk. Linux was the first to die from this error, and the Linux people | |
108 | sent me the most amazing, um, collection of patches for this problem. Thanks | |
109 | for all the fish. | |
110 | ||
111 | Jeremy Bettis reminded me that popen() isn't safe. I grabbed Ken Arnold's | |
112 | version of popen/pclose from the ftpd and hacked it to taste. We're safe now, | |
113 | from this at least. | |
114 | ||
115 | Branko Lankester sent me a very timely and helpful fix for a looming security | |
116 | problem in my "crontab -e" implementation. | |
117 | ||
118 | -------- | |
119 | ||
120 | Vixie Cron Changes from V1 to V2 | |
121 | Paul Vixie | |
122 | 8-Feb-1988 | |
123 | ||
124 | Many changes were made in a rash of activity about six months ago, the exact | |
125 | list of which is no longer clear in my memory. I know that V1 used a file | |
126 | called POKECRON in /usr/spool/cron to tell it that it was time to re-read | |
127 | all the crontab files; V2 uses the modtime the crontab directory as a flag to | |
128 | check out the crontab files; those whose modtime has changed will be re-read, | |
129 | and the others left alone. Note that the crontab(1) command will do a utimes | |
130 | call to make sure the mtime of the dir changes, since the filename/inode will | |
131 | often remain the same after a replacement and the mtime wouldn't change in | |
132 | that case. | |
133 | ||
134 | 8-Feb-88: made it possible to use much larger environment variable strings. | |
135 | V1 allowed 100 characters; V2 allows 1000. This was needed for PATH | |
136 | variables on some systems. Thanks to Toerless Eckert for this idea. | |
137 | E-mail: UUCP: ...pyramid!fauern!faui10!eckert | |
138 | ||
139 | 16-Feb-88: added allow/deny, moved /usr/spool/cron/crontabs to | |
140 | /usr/lib/cron/tabs. allow and deny are /usr/lib/cron/{allow,deny}, | |
141 | since the sysv naming for this depends on 'at' using the same | |
142 | dir, which would be stupid (hint: use /usr/{lib,spool}/at). | |
143 | ||
144 | 22-Feb-88: made it read the spool directory for crontabs and look each one | |
145 | up using getpwnam() rather than reading all passwds with getpwent() | |
146 | and trying to open each crontab. | |
147 | ||
148 | 9-Dec-88: made it sync to :00 after the minute, makes cron predictable. | |
149 | added logging to /var/cron/log. | |
150 | ||
151 | 14-Apr-90: (actually, changes since December 1989) | |
152 | fixed a number of bugs reported from the net and from John Gilmore. | |
153 | added syslog per Keith Bostic. security features including not | |
154 | being willing to run a command owned or writable by other than | |
155 | the owner of the crontab 9not working well yet) |