= Crontab on CS managed machines =

This page describes how to run jobs from crontab on CS managed machines and from AFS home directories. The instructions are adopted from https://cs.stanford.edu/computing-guide/data-storage-sharing/afs/batch-and-cron-jobs.

{{{#!wiki caution
'''Only CS managed machines'''

Please note that this will only work on CS managed machines, e.g. [[Hulk]], [[Rocky]].
}}}

=== 1. Init your keytab ===

Run akcron to initialize your keytab file:

{{{
akcron -i
}}}

=== 2. Test if you received the tokens ===

It is always good to see if we received the necessary tokens. Do it with the following command:

{{{
akcron -c tokens
}}}

Your output should be similar to this:

{{{
Tokens held by the Cache Manager:

User's (AFS ID 70223) tokens for afs@cs.stanford.edu [Expires Aug 23 19:19]
   --End of list--
}}}

If there is an error please let Andrej know about it.

=== 3. Directory permissions ===

The command you ran on step 1 actually creates a new special user with the following name:

{{{
your_csid.cron
}}}

Since this is a new user, you need to grant it the rights to whatever directories your crontab script requires access to. Say I had a script called HulkCron.sh that was in the directory ~/HulkCron/. If I wanted to run that with ak cron I would set up my permissions like this:

{{{
fs setacl ~/ your_csid.cron read
fs setacl ~/HulkCron/ your_csid read
}}}

If my script is actually doing something useful and I want to save the output of that script to a file, I would define the ACLs for the ~/HulkCron/ directory like this:

{{{
fs setacl ~/HulkCron/ your_csid write
}}}

==== Listing permissions ====

I can check the permissions I have set like this:

{{{
fs listacl ~/HulkCron/
}}}

The output of the command could be similar to this:

{{{
Access list for /afs/cs.stanford.edu/u/akrevl/HulkCron/ is
Normal rights:
  system:administrators rlidwka
  akrevl rlidwka
  akrevl.cron rl
}}}

This means that user system and group administrators has '''rlidwka''' permission. Users akrevl and akrevl.cron also kave a '''rlidwka''' permission. That doesn't say much, so let's have a look at what those letters mean:

 * '''l''' is the lookup or list permission and gives user the permission to list files in the directory.
 * '''i''' is the insert permission that allows a user to create new files in the directory.
 * '''d''' is the delete permission and it allows a user to delete files from a directory.
 * '''a''' is the administer permission that allows the user to change ACLs for the directory.
 * '''r''' is the read permission and it allows the user to read a file.
 * '''w''' is the write permission and it allows the user to write data to a file.
 * '''k''' is the lock permission that allows the user to lock files in the directory. 

{{{#!wiki tip
'''Shorter commands'''

You can use the shorter form of commands in the ''fs'' utility. You can replace ''listacl'' with ''la'', ''setacl'' with ''sa'', etc. 
}}}


==== Recursively setting permissions ====

It seems that there is no ''chmod -R'' command, but we can somehow manage with the rest of the GNU toolkit. Here is how we can set permissions on all the subdirectories of ~7z directory:

{{{
find ~/7z/ -type d -exec fs setacl {} akrevl.cron read \;
}}}

{{{#!wiki warning
'''You may void your warranty'''

Bad things will happen if you this on recursively mounted filesystems. So make sure that you are only executing this in your own directories that do not contain links to any other filesystems.
}}}

==== Temporary files ====

Make sure that your permissions are correctly set also for the directories where the temporary files are stored. You might want to check if your new special user (your_csid.cron) has the necessary permissions on the local filesystem e.g. /tmp. 

==== Special note for 7z users ====

7z might sometimes use temporary files. These are created in /tmp by default. You can override this with the -w switch, for example:

{{{
~/bin/7za a -w/afs/cs.stanford.edu/u/akrevl/HulkCron/ ~/HulkCron/ParadiseLost.7z ~/HulkCron/ParadiseLost.txt
}}}

Please note that -w does not understand the ~ shorthand for your home directory. 

Also note that your_csid.cron will need access to the 7z binary and all the libraries associated with it.

=== 4. Setup your crontab ===

Now you can set up your crontab as you normally would:

{{{
crontab -e
}}}

But make sure that you prefix your command/script with '''akcron''' and put it in some single quotes. For example:

{{{
0 3 * * * akcron -c '~/HulkCron/backupMyFiles.sh'
}}}