Skip to main content
Unix & Linux

Return to Answer

added 380 characters in body; edited body; added 175 characters in body
Source Link
dannysauer
dannysauer
  • 1.3k
  • 7
  • 15

Your current cron implementation probably supports /etc/cron.d, where jobs have an additional "run as" user specified after the regular time fields and before the command. So, just adjust your interface to create files in that directory like regular cron entries with the username (perhaps extracted from the loginuid) prepended after the fifth field. Then you can do one job per file. :)

Look at man 5 crontab https://linux.die.net/man/5/crontab

Note that the main problem with this is that a user who can edit files in that directory could create a file which runs as root. So, you probably want a wrapper script run via sudo which will validate the input and force the calculated username into the generated file. And then got need to make sure you're doing things securely within the script, like not trusting $PATH, etc.

PS, in a shell script: getent passwd $(</proc/self/loginuid)

Honestly, if you're making users know the cron time format, a few extra seconds to teach them to use crontab -e (and set $EDITOR if vi is scary) isn't terribly difficult.

Your current cron implementation probably supports /etc/cron.d, where jobs have an additional "run as" user specified after the regular time fields and before the command. So, just adjust your interface to create files in that directory like regular cron entries with the username (perhaps extracted from the loginuid) prepended after the fifth field. Then you can do one job per file. :)

Look at man 5 crontab https://linux.die.net/man/5/crontab

PS, in a shell script: getent passwd $(</proc/self/loginuid)

Your current cron implementation probably supports /etc/cron.d, where jobs have an additional "run as" user specified after the regular time fields and before the command. So, just adjust your interface to create files in that directory like regular cron entries with the username (perhaps extracted from the loginuid) prepended after the fifth field. Then you can do one job per file. :)

Look at man 5 crontab https://linux.die.net/man/5/crontab

Note that the main problem with this is that a user who can edit files in that directory could create a file which runs as root. So, you probably want a wrapper script run via sudo which will validate the input and force the calculated username into the generated file. And then got need to make sure you're doing things securely within the script, like not trusting $PATH, etc.

PS, in a shell script: getent passwd $(</proc/self/loginuid)

Honestly, if you're making users know the cron time format, a few extra seconds to teach them to use crontab -e (and set $EDITOR if vi is scary) isn't terribly difficult.

Source Link
dannysauer
dannysauer
  • 1.3k
  • 7
  • 15

Your current cron implementation probably supports /etc/cron.d, where jobs have an additional "run as" user specified after the regular time fields and before the command. So, just adjust your interface to create files in that directory like regular cron entries with the username (perhaps extracted from the loginuid) prepended after the fifth field. Then you can do one job per file. :)

Look at man 5 crontab https://linux.die.net/man/5/crontab

PS, in a shell script: getent passwd $(</proc/self/loginuid)