| 1 | Vixie Cron Changes from V2 to V3 |
| 2 | Paul Vixie |
| 3 | 29-Dec-1993 |
| 4 | |
| 5 | The crontab command now conforms to POSIX 1003.2. This means that when you |
| 6 | install it, if you have any "crontab" command lines floating around in shell |
| 7 | scripts (such as /etc/rc or /etc/rc.local), you will need to change them. |
| 8 | |
| 9 | I have integrated several changes made by BSDi for their BSD/386 operating |
| 10 | system; these were offerred to me before I started consulting for them, so |
| 11 | it is safe to say that they were intended for publication. Most notably, |
| 12 | the name of the cron daemon has changed from "crond" to "cron". This was |
| 13 | done for compatibility with 4.3BSD. Another change made for the same reason |
| 14 | is the ability to read in an /etc/crontab file which has an extra field in |
| 15 | each entry, between the time fields and the command. This field is a user |
| 16 | name, and it permits the /etc/crontab command to contain commands which are |
| 17 | to be run by any user on the system. /etc/crontab is not "installed" via |
| 18 | the crontab(1) command; it is automatically read at startup time and it will |
| 19 | be reread whenever it changes. |
| 20 | |
| 21 | I also added a "-e" option to crontab(1). Nine people also sent me diffs |
| 22 | to add this option, but I had already implemented it on my own. I actually |
| 23 | released an interrim version (V2.2, I think) for limited testing, and got a |
| 24 | chance to fix a bad security bug in the "-e" option thanks to XXX. |
| 25 | |
| 26 | The daemon used to be extraordinarily sloppy in its use of file descriptors. |
| 27 | A heck of a lot of them were left open in spawned jobs, which caused problems |
| 28 | for the daemon and also caused problems with the spawned jobs if they were |
| 29 | shell scripts since "sh" and "csh" have traditionally used hidden file |
| 30 | descriptors to pass information to subshells, and cron was causing them to |
| 31 | think they were subshells. If you had trouble with "sh" or "csh" scripts in |
| 32 | V2, chances are good that V3 will fix your problems. |
| 33 | |
| 34 | About a dozen people have reminded me that I forgot to initialize |
| 35 | "crontab_fd" in database.c. Keith Cantrell was the first, so he gets the |
| 36 | point. |
| 37 | |
| 38 | Steve Simmons reminded me that once an account has been deleted from the |
| 39 | system, "crontab -u USER -d" will not work. My solution is to suggest to |
| 40 | all of you that before you delete a user's account, you first delete that |
| 41 | user's crontab file if any. From cron's point of view, usernames can never |
| 42 | be treated as arbitrary strings. Either they are valid user names, or they |
| 43 | are not. I will not make an exception for the "-d" case, for security |
| 44 | reasons that I consider reasonable. It is trivial for a root user to delete |
| 45 | the entry by hand if necessary. |
| 46 | |
| 47 | Dan O'Neil reminded me that I forgot to reset "log_fd" in misc.c. A lot of |
| 48 | others also reminded me of this, but Dan gets the point. I didn't fix it |
| 49 | there, since the real bug was that it should have been open in the parent. |
| 50 | |
| 51 | Peter Kabal reminded me that I forgot to "#ifdef DEBUGGING" some code in |
| 52 | misc.c. Hans Trompert actually told me first, but Peter sent the patch so |
| 53 | he gets the point. |
| 54 | |
| 55 | Russell Nelson told me that I'd forgotten to "#include <syslog.h>" in misc.c, |
| 56 | which explains why a lot of other people complained that it wasn't using |
| 57 | syslog even when they configured it that way :-). Steve Simmons told me |
| 58 | first, though, so he gets the point. |
| 59 | |
| 60 | An interrim version of the daemon tried to "stat" every file before |
| 61 | executing it; this turned out to be a horribly bad idea since finding the |
| 62 | name of a file from a shell command is a hard job (that's why we have |
| 63 | shells, right?) I removed this bogus code. Dave Burgess gets the point. |
| 64 | |
| 65 | Dennis R. Conley sent a suggestion for MMDF systems, which I've added to the |
| 66 | comments in cron.h. |
| 67 | |
| 68 | Mike Heisler noted that I use comments in the CONVERSION file which are |
| 69 | documented as illegal in the man pages. Thanks, Mike. |
| 70 | |
| 71 | Irving Wolfe sent me some very cheerful changes for a NeXT system, but I |
| 72 | consider the system itself broken and I can't bring myself to #ifdef for |
| 73 | something as screwed up as this system seems to be. However, various others |
| 74 | did send me smaller patches which appear to have cause cron to build and run |
| 75 | correctly on (the latest) NeXT machines, with or without the "-posix" CFLAG. |
| 76 | Irving also asked for a per-job MAILTO, and this was finally added later when |
| 77 | I integrated the BSD/386 changes contributed by BSDi, and generalized some of |
| 78 | the parsing. |
| 79 | |
| 80 | Lots of folks complained that the autogenerated "Date:" header wasn't in |
| 81 | ARPA format. I didn't understand this -- either folks will use Sendmail and |
| 82 | not generate a Date: at all (since Sendmail will do it), or folks will use |
| 83 | something other than Sendmail which won't care about Date: formats. But |
| 84 | I've "fixed" it anyway... |
| 85 | |
| 86 | Several people suggested that "*" should be able to take a "/step". One person |
| 87 | suggested that "N/step" ought to mean "N-last/step", but that's stretching things |
| 88 | a bit far. "*/step" seems quite intuitive to me, so I've added it. Colin Plumb |
| 89 | sent in the first and most polite request for this feature. |
| 90 | |
| 91 | As with every release of Cron, BIND, and seemingly everything else I do, one |
| 92 | user stands out with the most critical but also the most useful analysis. |
| 93 | Cron V3's high score belongs to Peter Holzer, who sent in the nicest looking |
| 94 | patch for the "%" interpretation problem and also helped me understand a |
| 95 | tricky bit of badness in the "log_fd" problem. |
| 96 | |
| 97 | agulbra@flode.nvg.unit.no wins the honors for being the first to point out the |
| 98 | nasty security hole in "crontab -r". 'Nuff said. |
| 99 | |
| 100 | Several folks pointed out that log_it() needed to exist even if logging was |
| 101 | disabled. Some day I will create a tool that will compile a subsystem with |
| 102 | every possible combination and permutation of #ifdef options, but meanwhile |
| 103 | thanks to everybody. |
| 104 | |
| 105 | job_runqueue() was using storage after freeing it, since Jordan told me back |
| 106 | in 1983 that C let you do that, and I believed him in 1986 when I wrote all |
| 107 | this junk. Linux was the first to die from this error, and the Linux people |
| 108 | sent me the most amazing, um, collection of patches for this problem. Thanks |
| 109 | for all the fish. |
| 110 | |
| 111 | Jeremy Bettis reminded me that popen() isn't safe. I grabbed Ken Arnold's |
| 112 | version of popen/pclose from the ftpd and hacked it to taste. We're safe now, |
| 113 | from this at least. |
| 114 | |
| 115 | Branko Lankester sent me a very timely and helpful fix for a looming security |
| 116 | problem in my "crontab -e" implementation. |
| 117 | |
| 118 | -------- |
| 119 | |
| 120 | Vixie Cron Changes from V1 to V2 |
| 121 | Paul Vixie |
| 122 | 8-Feb-1988 |
| 123 | |
| 124 | Many changes were made in a rash of activity about six months ago, the exact |
| 125 | list of which is no longer clear in my memory. I know that V1 used a file |
| 126 | called POKECRON in /usr/spool/cron to tell it that it was time to re-read |
| 127 | all the crontab files; V2 uses the modtime the crontab directory as a flag to |
| 128 | check out the crontab files; those whose modtime has changed will be re-read, |
| 129 | and the others left alone. Note that the crontab(1) command will do a utimes |
| 130 | call to make sure the mtime of the dir changes, since the filename/inode will |
| 131 | often remain the same after a replacement and the mtime wouldn't change in |
| 132 | that case. |
| 133 | |
| 134 | 8-Feb-88: made it possible to use much larger environment variable strings. |
| 135 | V1 allowed 100 characters; V2 allows 1000. This was needed for PATH |
| 136 | variables on some systems. Thanks to Toerless Eckert for this idea. |
| 137 | E-mail: UUCP: ...pyramid!fauern!faui10!eckert |
| 138 | |
| 139 | 16-Feb-88: added allow/deny, moved /usr/spool/cron/crontabs to |
| 140 | /usr/lib/cron/tabs. allow and deny are /usr/lib/cron/{allow,deny}, |
| 141 | since the sysv naming for this depends on 'at' using the same |
| 142 | dir, which would be stupid (hint: use /usr/{lib,spool}/at). |
| 143 | |
| 144 | 22-Feb-88: made it read the spool directory for crontabs and look each one |
| 145 | up using getpwnam() rather than reading all passwds with getpwent() |
| 146 | and trying to open each crontab. |
| 147 | |
| 148 | 9-Dec-88: made it sync to :00 after the minute, makes cron predictable. |
| 149 | added logging to /var/cron/log. |
| 150 | |
| 151 | 14-Apr-90: (actually, changes since December 1989) |
| 152 | fixed a number of bugs reported from the net and from John Gilmore. |
| 153 | added syslog per Keith Bostic. security features including not |
| 154 | being willing to run a command owned or writable by other than |
| 155 | the owner of the crontab 9not working well yet) |