cron: fix things (mostly about fcron)
Document PATH behavior for each crond implementation.
This commit is contained in:
parent
583f8ee265
commit
72f10a2bdc
5
roles/cron/handlers/main.yml
Normal file
5
roles/cron/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Recompile fcron systab
|
||||||
|
command:
|
||||||
|
cmd: /usr/bin/fcrontab -z -u systab
|
||||||
|
removes: /var/spool/fcron/systab.orig
|
|
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
|
# busybox's crond already inherits PATH so no need to do anything.
|
||||||
|
# It doesn't have allow/deny feature though
|
||||||
- name: crond | Add crond service to runlevel 'default'
|
- name: crond | Add crond service to runlevel 'default'
|
||||||
service:
|
service:
|
||||||
name: crond
|
name: crond
|
||||||
|
|
|
@ -14,7 +14,8 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
# btrbk runs btrfs command directly (without specifying /sbin prefix),
|
# btrbk runs btrfs command directly (without specifying /sbin prefix),
|
||||||
# hence we need to inherit PATH here
|
# hence we need to inherit PATH here. Also log to syslog
|
||||||
|
# (the default PATH is /usr/local/bin:/bin:/usr/bin)
|
||||||
- name: cronie | Configure command options for cronie service
|
- name: cronie | Configure command options for cronie service
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
|
|
|
@ -1,26 +1,39 @@
|
||||||
---
|
---
|
||||||
- name: fcron | Install fcron package
|
- name: fcron | Install fcron package
|
||||||
community.general.packaging.os.apk:
|
community.general.packaging.os.apk:
|
||||||
name: fcron
|
name: fcron, fcron-pam
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: fcron | Deny all users except root to access crontabs
|
- name: fcron | Deny all users to access crontabs
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
all
|
all
|
||||||
dest: /etc/fcron/fcron.deny
|
dest: /etc/fcron/fcron.deny
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: fcron
|
||||||
mode: 0644
|
mode: 0640
|
||||||
|
|
||||||
- name: fcron | Allow {{ username }} to access crontabs
|
- name: fcron | Allow {{ username }} and root to access crontabs
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
|
root
|
||||||
{{ username }}
|
{{ username }}
|
||||||
dest: /etc/fcron/fcron.allow
|
dest: /etc/fcron/fcron.allow
|
||||||
owner: root
|
owner: root
|
||||||
|
group: fcron
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
# The default PATH is /bin:/usr/bin
|
||||||
|
- name: fcron | Set PATH inside system crontab (systab)
|
||||||
|
lineinfile:
|
||||||
|
path: /var/spool/fcron/systab.orig
|
||||||
|
line: "PATH=/bin:/usr/bin:/sbin:/usr/sbin"
|
||||||
|
insertbefore: BOF
|
||||||
|
mode: 0640
|
||||||
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
state: present
|
||||||
|
notify: Recompile fcron systab
|
||||||
|
|
||||||
- name: fcron | Start fcron service on runlevel default
|
- name: fcron | Start fcron service on runlevel default
|
||||||
service:
|
service:
|
||||||
|
|
Reference in a new issue