-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2008-Jan-10, at 08:47, Adam Moskowitz wrote:
"Gary Richardson" <gary.richardson@xxxxxxxxx> wrote:I think the per user crontabs should be avoided. . . . I'm sure we've all had instances where critical crontabs stop running after an account isdisabled when an employee leaves.While I tend to agree that, for "operational" processes, user crontabsshould be avoided, I do not agree with Gary's reasoning. Having a criticalprocess run out of an individual user's crontab is bad, this is not a technical problem and does not require a technical solution. In other words, even if user crontabs are available, don't use them foroperational processes, document that such use is prohibited, and enforcethis via managerial means.
I think the distinction has to be made between a user that is an individual person, and a user like 'apache' or 'daemon'.
Running anything production out of a person's crontab is asking for trouble. But, using per-user crontabs for system accounts, where access can be granted through sudo or similar tools for various users to manage them, *without* giving access to root's cron entries in / etc/cron, is to be encouraged.
Matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFHhkXJmFeRJ0tjIxERArAyAJ4igtuJpQtpqA1SpHmqlnEk1pDjSgCfV10q gwoY5N0yXHCsAQZoWp052r8= =5gCG -----END PGP SIGNATURE-----