Displaying `crontab` Files

The crontab -l command displays the contents of your crontab file much the way the cat command displays the contents of other types of files. You do not have to change directories to /var/spool/cron/crontabs (where crontab files are located) to use this command.

By default, the crontab -l command displays your own crontab file. To display crontab files that belong to other users, you must be superuser.

How to Display a `crontab` File

(Optional) Become superuser to display a crontab file that belongs to root or another user.

Display the crontab file.
$ crontab -l [username]
Where username specifies the name of the user's account for which you want to create or edit a crontab file. To create or edit crontab files requires superuser privileges.

Caution - If you accidentally type the crontab command with no option, press the interrupt character for your editor. This character allows you to quit without saving changes. If you instead saved changes and exited the file, the existing crontab file is overwritten with an empty file.

Example--Displaying a `crontab` File

The following example shows how to use the crontab -l command to display the contents of the user's default crontab file, the default root crontab file, and the crontab file belonging to another user.

$ crontab -l
13 13 * * * chmod g+w /home1/documents/*.book > /dev/null 2>&1
$ suPassword:
# crontab -l
#ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
# crontab -l jones
13 13 * * * cp /home/jones/work_files /usr/backup/. > /dev/null 2>&1

Removing `crontab` Files

By default, crontab file protections are set up so that you cannot inadvertently delete a crontab file by using the rm command. Instead, use the crontab -r command to remove crontab files.

By default, crontab -r removes your own crontab file. You must be superuser to remove crontab files that belong to superuser or other users.

You do not have to change directories to /var/spool/cron/crontabs (where crontab files are located) to use this command.

How to Remove a `crontab` File

(Optional) Become superuser to remove a crontab file that belongs to root or another user.

Remove the crontab file.
$ crontab -r [username]
Where username specifies the name of the user's account for which you want to create or edit a crontab file. To create or edit crontab files requires superuser privileges.

Caution - If you accidentally type the crontab command with no option, press the interrupt character for your editor. This character allows you to quit without saving changes. If you instead saved changes and exited the file, the existing crontab file is overwritten with an empty file.

Verify that the crontab file is removed.
# ls /var/spool/cron/crontabs

Example--Removing a `crontab` File

The following example shows how user smith uses the crontab -r command to remove his crontab file.

$ ls /var/spool/cron/crontabs
adm     jones     lp     root    smith    sys     uucp
$ crontab -r
$ ls /var/spool/cron/crontabs
adm     jones     lp     root    sys    uucp

Controlling Access to the `crontab` Command

You can control access to the crontab command by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform the crontab command tasks such as creating, editing, displaying, or removing their own crontab files.

The cron.deny and cron.allow files consist of a list of user names, one per line. These access control files work together as follows:

If cron.allow exists, only the users listed in this file can create, edit, display, or remove crontab files.
If cron.allow does not exist, all users can submit crontab files, except for users listed in cron.deny.
If neither cron.allow nor cron.deny exists, superuser privileges are required to run the crontab command.

Superuser privileges are required to edit or create the cron.deny and cron.allow files.

The cron.deny file, created during SunOS software installation, contains the following user names:

$ cat /etc/cron.d/cron.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess

None of the user names in the default cron.deny file can access the crontab command. You can edit this file to add other user names that will be denied access to the crontab command.

No default cron.allow file is supplied. So, after Solaris software installation, all users (except the ones listed in the default cron.deny file) can access the crontab command. If you create a cron.allow file, only these users can access the crontab command.

How to Deny `crontab` Access

Become superuser.

Edit the /etc/cron.d/cron.deny file and add user names, one per line, who will be prevented from using crontab commands.
daemon bin smtp nuucp listen nobody noaccess username1 username2 username3 . . .

Verify the /etc/cron.d/cron.deny file.
# cat /etc/cron.d/cron.deny


18. Scheduling System Tasks (Tasks) Creating and Editing `crontab` Files How to Verify a `crontab` File

Displaying crontab Files

How to Display a crontab File

Example--Displaying a crontab File

Removing crontab Files

How to Remove a crontab File

Example--Removing a crontab File

Controlling Access to the crontab Command

How to Deny crontab Access