also sprach Mark Ferlatte <ferlatte@cryptio.net> [2004.11.06.0123 +0100]:
> > I am trying to set up persistent crontabs in a FAI cluster by using
> > NFS to export /var/spool/cron/crontabs to the clients, thus
> > effectively storing the crontabs on the server. I further would like
> > to use root_squash.
>
> Do you really want your user's crontabs to run on every host in your cluster?
They are mounted from master:/srv/var/spool/crontabs/${HOSTNAME}, so
they are per host.
> > The question now is: how do I make this work? I do not want to
> > set no_root_squash because laptops could be used to mount the
> > crontabs export and modify away, subverting the user accounts.
>
> What about a script that looks in each users homedir for .crontab,
> and runs crontab -u $USER ~$USER/.crontab every, say hour or so?
> Put that script in your client /etc/cron.hourly, and push it.
This is definitely one idea. However, then my users cannot use
crontab(1) anymore, thus there will be no syntax checks, and
finally, this raises the issue of how to run a system-wide cron job
for all users. Where do I get the user list from? Everything with
a UID between 1000 and 10000 ?
One idea I had last night is a crontab wrapper, along with
a root_squash NFS export. A cron job copies the files from there to
/var/spool/cron/crontabs as you describe. But when the user calls
crontab, what happens is that the file is first explicitly copied
from the NFS mount, then crontab(1) is invoked, and upon exit, the
user crontab is saved back to the NFS. I think this would work fine,
don't you think?
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature