Dizwell Informatics

News from Nowhere

Running Crontab jobs as Root

Solaris won’t, by default, let you modify the supplied crontab file for the root user. Try it, and you’ll get this sort of thing:

~# export EDITOR=nano
~# crontab -e
Warning - Invalid account: 'root' not allowed to execute cronjobs
The crontab file was not changed.

You can edit the crontab file as much as you like after receiving that message, but it won’t be saved and certainly won’t make any operational difference to your crontab entries.

So if you need to cron something as root, how do you do it? By editing /etc/shadow. When you open that file up in the text editor of your choice, you will see something like this:

root:$5$UyzB4IE8$qZdSth.09Baa8u2L4940Xx1r786Aglc8HMQThGXub/.:0::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
...
[and so on]

The zero in the third field of the ‘root:’ line (the last value before the run of trailing colons) is the culprit. Change that to 1, like so:

root:$5$UyzB4IE8$qZdSth.09Baa8u2L4940Xx1r786Aglc8HMQThGXub/.:1::::::

Save that and try to alter your root crontab now and you should find that no more warnings are displayed. More importantly, you’ll find alterations to your root crontab now persist.

The alteration to /etc/shadow is actually telling the system that the root password has been changed 1 day after January 1st 1970. Which isn’t, of course, true: I can’t log on to my Solaris boxen as root at all, because he’s not a ‘real’ user, just a role I can assume thanks to sudo. The edit, however, makes it seem as if root is real, and at that point he’s allowed to have a crontab file he can edit. Hence subsequent crontab -e’s work as expected.
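
To see what a given third-field value claims, the following added example (not from the original post) decodes it as days since January 1st 1970 for each entry and labels the zero case described above. It goes one step beyond the post by also checking the fifth (max-age) field, since a hand-set value of 1 combined with a password-aging limit makes the password look decades overdue. The sample entries, placeholder hashes, the account names `admin` and `oper`, and the status labels are constructed for illustration.

```python
from datetime import date, timedelta

# Field order per shadow(4): the third field, lastchg, is days since 1970-01-01.
FIELDS = ("name", "passwd", "lastchg", "min", "max",
          "warn", "inactive", "expire", "flag")
EPOCH = date(1970, 1, 1)

# Constructed sample entries (placeholder hashes, hypothetical account names).
SAMPLE = """\
root:$5$SALT$PLACEHOLDERHASH:0::::::
admin:$5$SALT$PLACEHOLDERHASH:1::::::
oper:$5$SALT$PLACEHOLDERHASH:1::90::::
daemon:NP:6445::::::
"""

def parse_shadow_line(line):
    """Split one shadow entry into its nine named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def audit_lastchg(text, today=None):
    """Return {name: (status, decoded_date)} for each entry in text."""
    today = today or date.today()
    report = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_shadow_line(line)
        if entry["lastchg"] == "":
            report[entry["name"]] = ("no-date", None)
            continue
        days = int(entry["lastchg"])
        changed = EPOCH + timedelta(days=days)
        max_age = int(entry["max"]) if entry["max"] else -1
        if days == 0:
            status = "zero"      # the value the post found on root
        elif max_age > 0 and changed + timedelta(days=max_age) < today:
            status = "aged-out"  # older than the max-age field allows
        else:
            status = "ok"
        report[entry["name"]] = (status, changed)
    return report

if __name__ == "__main__":
    for name, (status, changed) in audit_lastchg(SAMPLE).items():
        print(f"{name:8} {status:9} {changed}")
```

Run against a copy of the file, an entry decoding to 1970-01-02 is a sign that the field was set by hand rather than by a real password change.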