I'm trying to implement a configuration mechanism that allows a cron configuration to deploy through SVN.
I immediately thought that what I should do is create symlinks from /etc/cron.d/ to my project's cron file (which in turn is controlled by a Version Control System), but that seems to not be working.
I found some old forum messages stating that symlinks were not supported and others saying that they are. Which is it?
Is there anything else or any other good way to achieve this?
According to man crond
CAVEATS
All crontab files have to be regular files or symlinks to regular files, they must not be executable or writable for anyone else but the owner. This requirement can be overridden by using the -p option on the crond command line. If inotify support is in use, changes in the symlinked crontabs are not automatically noticed by the cron daemon. The cron daemon must receive a SIGHUP signal to reload the crontabs. This is a limitation of the inotify API.
The syslog output will be used instead of mail, when sendmail is not installed.
It annoyed the living crap out of me as well, In short yes you can use symlinks however, if not a regular file or a symlink to a regular file, it must use -p switch.
This has security implications! The scripts in /etc/cron.d/ are run by root with root privileges. It's a bad idea to symlink scripts that are owned by and writable for non-root users, since your system could be compromised that way.
I'd check the cron manpage for your version of Ubuntu (I assume we're talking Ubuntu on this forum!):
Files in this directory have to be owned by root, do not need to be executable (they are configuration files, just like /etc/crontab) and must conform to the same naming convention as used by run-parts(8): they must consist solely of upper- and lower-case letters, digits, underscores, and hyphens. This means that they cannot contain any dots.
As Florian points out, if this file is writable by non-root users, it's a security hole because the jobs will be run by root (for whoever is named as the job owner in the file). Also note, therefore, that
This directory can contain any file defining tasks following the format used in /etc/crontab, i.e. unlike the user cron spool, these files must provide the username to run the task as in the task definition.
i.e. pop the username in before the command to run.
