I've got a (deployment) script, that runs under my user 'me' and it should change the crontab of user 'ruby-server'. Am I right that the -u option (of crontab) doesn't help me much unless I use sudo or su? Is there a way, I can change an other users crontab without sudo or su. (I've got access to the entire system. )
Why this problem you ask? Answer: If I deploy an application as 'me' and run it as 'ruby-server', obviously I want to write the crontab as 'me' but the commands should be in the crontab of the 'ruby-server'. Because if someone else deploys, we should change the same crontab of the same user
[edit 1]
I've a group of users (the 'deployers') that have access to a server. I have one user ('ruby-server') that has via ssh and private key access to an other server to get some files. This copy is scripted via rsync and should be run every day. Now, I think, it would be cool if the 'deployers' could write to the 'ruby-server's crontab to specify / change the way the files are copied. Ideas?
Best Answer
If your system has ACL you can grant access to the cronfile to the developers. If all the deployers are all part of a group named "deployers" you can modify the crontab file with the command displayed below, that would allow members of the group to modify it.
Keep in mind that /var/spool/cron/ruby-server must have the proper permissions: "chmod 0600 /var/spool/cron/ruby-server" will fix it if you see "BAD FILE MODE" messages in /var/log/cron
Also, the filesystem must have ACL enabled, running something like "tune2fs -l /dev/mapper/blah | grep -i acl" should be enough (substitute /dev/mapper/blah for the partition containing your /var/spool/cron directory)