Automatisation des tâches système
Fedora is pre-configured to run important system tasks to keep the system updated. For example, the slocate database used by the locate command is updated daily. A system administrator can use automated tasks to perform periodic backups, monitor the system, run custom scripts, and so on.
Fedora comes with the following automated task utilities: cron, anacron, at, and batch.
Every utility is intended for scheduling a different job type: while Cron and Anacron schedule recurring jobs, At and Batch schedule one-time jobs (refer to Cron and Anacron and At and Batch respectively).
Fedora supports the use of systemd.timer
for executing a job at a specific time. See man systemd.timer(5)
for more information.
Cron and Anacron
Both Cron and Anacron can schedule execution of recurring tasks to a certain point in time defined by the exact time, day of the month, month, day of the week, and week.
Cron jobs can run as often as every minute. However, the utility assumes that the system is running continuously and if the system is not on at the time when a job is scheduled, the job is not executed.
On the other hand, Anacron remembers the scheduled jobs if the system is not running at the time when the job is scheduled. The job is then executed as soon as the system is up. However, Anacron can only run a job once a day. Also note that by default, Anacron only runs when your system is running on AC power and will not run if your system is being powered by a battery; this behavior is set up in the /etc/cron.hourly/0anacron
script.
Installing Cron and Anacron
To install Cron and Anacron, you need to install the cronie package with Cron and the cronie-anacron package with Anacron (cronie-anacron is a sub-package of cronie).
To determine if the packages are already installed on your system, issue the following command:
rpm -q cronie cronie-anacron
The command returns full names of the cronie and cronie-anacron packages if already installed, or notifies you that the packages are not available.
To install these packages, use the dnf command in the following form as root
:
dnf install package
For example, to install both Cron and Anacron, type the following at a shell prompt:
~]# dnf install cronie cronie-anacron
For more information on how to install new packages in Fedora, see Installing Packages.
Running the Crond Service
The cron and anacron jobs are both picked by the crond
service. This section provides information on how to start, stop, and restart the crond
service, and shows how to configure it to start automatically at boot time.
Starting and Stopping the Cron Service
To determine if the service is running, use the following command:
systemctl status crond.service
To run the crond
service in the current session, type the following at a shell prompt as root
:
systemctl start crond.service
To configure the service to start automatically at boot time, use the following command as root
:
systemctl enable crond.service
Configuring Anacron Jobs
The main configuration file to schedule jobs is the /etc/anacrontab
file, which can be only accessed by the root
user. The file contains the following:
SHELL=/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root # the maximal random delay added to the base delay of the jobs RANDOM_DELAY=45 # the jobs will be started during the following hours only START_HOURS_RANGE=3-22 #period in days delay in minutes job-identifier command 1 5 cron.daily nice run-parts /etc/cron.daily 7 25 cron.weekly nice run-parts /etc/cron.weekly @monthly 45 cron.monthly nice run-parts /etc/cron.monthly
The first three lines define the variables that configure the environment in which the anacron tasks run:
-
SHELL
— shell environment used for running jobs (in the example, the Bash shell) -
PATH
— paths to executable programs -
MAILTO
— username of the user who receives the output of the anacron jobs by emailIf the
MAILTO
variable is not defined (MAILTO=
), the email is not sent.
The next two variables modify the scheduled time for the defined jobs:
-
RANDOM_DELAY
— maximum number of minutes that will be added to thedelay in minutes
variable which is specified for each jobThe minimum delay value is set, by default, to 6 minutes.
If
RANDOM_DELAY
is, for example, set to12
, then between 6 and 12 minutes are added to thedelay in minutes
for each job in that particular anacrontab.RANDOM_DELAY
can also be set to a value below6
, including0
. When set to0
, no random delay is added. This proves to be useful when, for example, more computers that share one network connection need to download the same data every day. -
START_HOURS_RANGE
— interval, when scheduled jobs can be run, in hoursIn case the time interval is missed, for example due to a power failure, the scheduled jobs are not executed that day.
The remaining lines in the /etc/anacrontab
file represent scheduled jobs and follow this format:
period in days delay in minutes job-identifier command
-
period in days
— frequency of job execution in daysThe property value can be defined as an integer or a macro (
@daily
,@weekly
,@monthly
), where@daily
denotes the same value as integer 1,@weekly
the same as 7, and@monthly
specifies that the job is run once a month regardless of the length of the month. -
delay in minutes
— number of minutes anacron waits before executing the jobThe property value is defined as an integer. If the value is set to
0
, no delay applies. -
job-identifier
— unique name referring to a particular job used in the log files -
command
— command to be executedThe command can be either a command such as ls /proc >> /tmp/proc or a command which executes a custom script.
Any lines that begin with a hash sign (#) are comments and are not processed.
Examples of Anacron Jobs
The following example shows a simple /etc/anacrontab
file:
SHELL=/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root # the maximal random delay added to the base delay of the jobs RANDOM_DELAY=30 # the jobs will be started during the following hours only START_HOURS_RANGE=16-20 #period in days delay in minutes job-identifier command 1 20 dailyjob nice run-parts /etc/cron.daily 7 25 weeklyjob /etc/weeklyjob.bash @monthly 45 monthlyjob ls /proc >> /tmp/proc
All jobs defined in this anacrontab
file are randomly delayed by 6-30 minutes and can be executed between 16:00 and 20:00.
The first defined job is triggered daily between 16:26 and 16:50 (RANDOM_DELAY is between 6 and 30 minutes; the delay in minutes
property adds 20 minutes). The command specified for this job executes all present programs in the /etc/cron.daily/
directory using the run-parts script (the run-parts scripts accepts a directory as a command-line argument and sequentially executes every program in the directory). See the run-parts
man page for more information on the run-parts script.
The second job executes the weeklyjob.bash
script in the /etc/
directory once a week.
The third job runs a command, which writes the contents of /proc
to the /tmp/proc
file (ls /proc >> /tmp/proc) once a month.
Configuring Cron Jobs
The configuration file for cron jobs is /etc/crontab
, which can be only modified by the root
user. The file contains the following:
SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed
The first three lines contain the same variable definitions as an anacrontab
file: SHELL
, PATH
, and MAILTO
. For more information about these variables, see Configuring Anacron Jobs.
In addition, the file can define the HOME
variable. The HOME
variable defines the directory, which will be used as the home directory when executing commands or scripts run by the job.
The remaining lines in the /etc/crontab
file represent scheduled jobs and have the following format:
minute hour day month day of week username command
The following define the time when the job is to be run:
-
minute
— any integer from 0 to 59 -
hour
— any integer from 0 to 23 -
day
— any integer from 1 to 31 (must be a valid day if a month is specified) -
month
— any integer from 1 to 12 (or the short name of the month such as jan or feb) -
day of week
— any integer from 0 to 7, where 0 or 7 represents Sunday (or the short name of the week such as sun or mon)
The following define other job properties:
-
username
— specifies the user under which the jobs are run. -
command
— the command to be executed.The command can be either a command such as ls /proc /tmp/proc or a command which executes a custom script.
For any of the above values, an asterisk (*) can be used to specify all valid values. If you, for example, define the month value as an asterisk, the job will be executed every month within the constraints of the other values.
A hyphen (-) between integers specifies a range of integers. For example, 1-4
means the integers 1, 2, 3, and 4.
A list of values separated by commas (,) specifies a list. For example, 3,4,6,8
indicates exactly these four integers.
The forward slash (/) can be used to specify step values. The value of an integer will be skipped within a range following the range with /integer
. For example, the minute value defined as 0-59/2
denotes every other minute in the minute field. Step values can also be used with an asterisk. For instance, if the month value is defined as */3
, the task will run every third month.
Any lines that begin with a hash sign (#) are comments and are not processed.
Users other than root
can configure cron tasks with the crontab utility. The user-defined crontabs are stored in the /var/spool/cron/
directory and executed as if run by the users that created them.
To create a crontab as a specific user, login as that user and type the command crontab -e to edit the user’s crontab with the editor specified in the VISUAL
or EDITOR
environment variable. The file uses the same format as /etc/crontab
. When the changes to the crontab are saved, the crontab is stored according to the user name and written to the file /var/spool/cron/username
. To list the contents of the current user’s crontab file, use the crontab -l command.
The /etc/cron.d/
directory contains files that have the same syntax as the /etc/crontab
file. Only root
is allowed to create and modify files in this directory.
Do not restart the daemon to apply the changes
The cron daemon checks the |
Controlling Access to Cron
To restrict the access to Cron, you can use the /etc/cron.allow
and /etc/cron.deny
files. These access control files use the same format with one user name on each line. Mind that no whitespace characters are permitted in either file.
If the cron.allow
file exists, only users listed in the file are allowed to use cron, and the cron.deny
file is ignored.
If the cron.allow
file does not exist, users listed in the cron.deny
file are not allowed to use Cron.
The Cron daemon (crond
) does not have to be restarted if the access control files are modified. The access control files are checked each time a user tries to add or delete a cron job.
The root
user can always use cron, regardless of the user names listed in the access control files.
You can control the access also through Pluggable Authentication Modules (PAM). The settings are stored in the /etc/security/access.conf
file. For example, after adding the following line to the file, no other user but the root
user can create crontabs:
-:ALL EXCEPT root :cron
The forbidden jobs are logged in an appropriate log file or, when using crontab -e, returned to the standard output. For more information, see the access.conf.5
manual page.
Black and White Listing of Cron Jobs
Black and white listing of jobs is used to define parts of a job that do not need to be executed. This is useful when calling the run-parts script on a Cron directory, such as /etc/cron.daily/
: if the user adds programs located in the directory to the job black list, the run-parts script will not execute these programs.
To define a black list, create a jobs.deny
file in the directory that run-parts scripts will be executing from. For example, if you need to omit a particular program from /etc/cron.daily/
, create the /etc/cron.daily/jobs.deny
file. In this file, specify the names of the programs to be omitted from execution (only programs located in the same directory can be enlisted). If a job runs a command which runs the programs from the /etc/cron.daily/
directory, such as run-parts /etc/cron.daily, the programs defined in the jobs.deny
file will not be executed.
To define a white list, create a jobs.allow
file.
The principles of jobs.deny
and jobs.allow
are the same as those of cron.deny
and cron.allow
described in section Controlling Access to Cron.
At and Batch
While Cron is used to schedule recurring tasks, the At utility is used to schedule a one-time task at a specific time and the Batch utility is used to schedule a one-time task to be executed when the system load average drops below 0.8.
Installing At and Batch
To determine if the at package is already installed on your system, issue the following command:
rpm -q at
The command returns the full name of the at package if already installed or notifies you that the package is not available.
To install the packages, use the dnf command in the following form as root
:
dnf install package
For example, to install both At and Batch, type the following at a shell prompt:
~]# dnf install at
For more information on how to install new packages in Fedora, see Installing Packages.
Running the At Service
The At and Batch jobs are both picked by the atd
service. This section provides information on how to start, stop, and restart the atd
service, and shows how to configure it to start automatically at boot time.
Starting and Stopping the At Service
To determine if the service is running, use the following command:
systemctl status atd.service
To run the atd
service in the current session, type the following at a shell prompt as root
:
systemctl start atd.service
To configure the service to start automatically at boot time, use the following command as root
:
systemctl enable atd.service
It is recommended that you configure your system to start the |
Configuring an At Job
To schedule a one-time job for a specific time with the At utility, do the following:
-
On the command line, type the command at TIME, where TIME is the time when the command is to be executed.
The TIME argument can be defined in any of the following formats:
-
HH:MM
specifies the exact hour and minute; For example,04:00
specifies 4:00 a.m. -
midnight
specifies 12:00 a.m. -
noon
specifies 12:00 p.m. -
teatime
specifies 4:00 p.m. -
MONTHDAYYEAR
format; For example,January 15 2012
specifies the 15th day of January in the year 2012. The year value is optional. -
MMDDYY
,MM/DD/YY
, orMM.DD.YY
formats; For example,011512
for the 15th day of January in the year 2012. -
now + TIME
where TIME is defined as an integer and the value type: minutes, hours, days, or weeks. For example,now + 5 days
specifies that the command will be executed at the same time five days from now.The time must be specified first, followed by the optional date. For more information about the time format, see the
/usr/share/doc/at-<version>/timespec
text file.If the specified time has past, the job is executed at the time the next day.
-
-
In the displayed
at>
prompt, define the job commands:-
Type the command the job should execute and press Enter. Optionally, repeat the step to provide multiple commands.
-
Enter a shell script at the prompt and press Enter after each line in the script.
The job will use the shell set in the user’s
SHELL
environment, the user’s login shell, or /bin/sh (whichever is found first).
-
-
Once finished, press Ctrl+D on an empty line to exit the prompt.
If the set of commands or the script tries to display information to standard output, the output is emailed to the user.
To view the list of pending jobs, use the atq command. See Viewing Pending Jobs for more information.
You can also restrict the usage of the at command. For more information, see Controlling Access to At and Batch for details.
Configuring a Batch Job
The Batch application executes the defined one-time tasks when the system load average decreases below 0.8.
To define a Batch job, do the following:
-
On the command line, type the command batch.
-
In the displayed
at>
prompt, define the job commands:-
Type the command the job should execute and press Enter. Optionally, repeat the step to provide multiple commands.
-
Enter a shell script at the prompt and press Enter after each line in the script.
If a script is entered, the job uses the shell set in the user’s
SHELL
environment, the user’s login shell, or /bin/sh (whichever is found first).
-
-
Once finished, press Ctrl+D on an empty line to exit the prompt.
If the set of commands or the script tries to display information to standard output, the output is emailed to the user.
To view the list of pending jobs, use the atq command. See Viewing Pending Jobs for more information.
You can also restrict the usage of the batch command. For more information, see Controlling Access to At and Batch for details.
Viewing Pending Jobs
To view the pending At and Batch jobs, run the atq command. The atq command displays a list of pending jobs, with each job on a separate line. Each line follows the job number, date, hour, job class, and user name format. Users can only view their own jobs. If the root
user executes the atq command, all jobs for all users are displayed.
Additional Command Line Options
Additional command line options for at and batch include the following:
Option | Description |
---|---|
|
Read the commands or shell script from a file instead of specifying them at the prompt. |
|
Send email to the user when the job has been completed. |
|
Display the time that the job is executed. |
Controlling Access to At and Batch
You can restrict the access to the at and batch commands using the /etc/at.allow
and /etc/at.deny
files. These access control files use the same format defining one user name on each line. Mind that no whitespace are permitted in either file.
If the file at.allow
exists, only users listed in the file are allowed to use at or batch, and the at.deny
file is ignored.
If at.allow
does not exist, users listed in at.deny
are not allowed to use at or batch.
The at daemon (atd) does not have to be restarted if the access control files are modified. The access control files are read each time a user tries to execute the at or batch commands.
The root
user can always execute at and batch commands, regardless of the content of the access control files.
Ressources supplémentaires
To learn more about configuring automated tasks, see the following installed documentation:
-
cron(8)
man page contains an overview of cron. -
crontab
man pages in sections 1 and 5:-
The manual page in section 1 contains an overview of the
crontab
file. -
The man page in section 5 contains the format for the file and some example entries.
-
-
anacron(8)
manual page contains an overview of anacron. -
anacrontab(5)
manual page contains an overview of theanacrontab
file. -
run-parts(4)
manual page contains an overview of the run-parts script. -
/usr/share/doc/at/timespec
contains detailed information about the time values that can be used in cron job definitions. -
at
manual page contains descriptions of at and batch and their command line options.
Want to help? Learn how to contribute to Fedora Docs ›