[arch-dev-public] Use systemd timers instead of /etc/cron.{hourly, daily, weekly, monthly}?
Daniel Micay
danielmicay at gmail.com
Thu Mar 27 21:01:17 EDT 2014
On 27/03/14 08:01 PM, Thomas Bächler wrote:
> Since systemd 212, systemd timers support the Persistent=true option for
> OnCalendar timers. This is functionality similar to anacron:
>
> Persistent=
> Takes a boolean argument. If true the service unit is immediately
> triggered when the timer unit is activated and the timer elapsed at
> least once since the last time the service unit has been triggered
> by the timer unit. The time when the service unit was last
> triggered is stored on disk. This is useful to catch up for missed
> timers when a machine is shutdown temporarily and then is powered
> up again. Note that this setting only has an effect on timers
> configured with OnCalendar=.
>
> This means that we could replace the cron.* dropin scripts with systemd
> services and timers.
>
> Pros:
> * enabled by default (in contrast to cronie)
> * systems without need for crontabs can disable/uninstall cron
> * service will be simpler than the rather long dropin scripts
>
> Cons:
> * services are run in parallel instead of sequentially (is this even a
> con? timer start will be randomized, and we can increase accuracy to an
> hour to randomize even more)
> * no holdoff time after boot as it seems
>
> Affected packages:
>
> community/awstats 7.2-1 /etc/cron.hourly/awstats
> community/snapper 0.2.1-1 /etc/cron.hourly/snapper
> community/sysstat 10.3.1-1 /etc/cron.hourly/sysstat
>
> core/logrotate 3.8.7-1 /etc/cron.daily/logrotate
> core/man-db 2.6.6-1 /etc/cron.daily/man-db
> core/mlocate 0.26-1 /etc/cron.daily/updatedb
> core/shadow 4.1.5.1-7 /etc/cron.daily/shadow
> extra/hylafax 6.0.6-4 /etc/cron.daily/hylafax
> community/atop 2.0.2-1 /etc/cron.daily/atop
> community/dspam 3.10.2-8 /etc/cron.daily/dspam_maintenance
> community/logwatch 7.4.0-3 /etc/cron.daily/0logwatch
> community/snapper 0.2.1-1 /etc/cron.daily/snapper
> community/sysstat 10.3.1-1 /etc/cron.daily/sysstat
>
> extra/pkgstats 2.3-3 /etc/cron.weekly/pkgstats
> community/squid 3.4.4-1 /etc/cron.weekly/squid
>
> I'd be willing to convert all the core packages and put them to testing
> if people agree that this is the right course.

I think it would make sense to remove cronie from base when these are
migrated to timer units. It's not enabled by default, and ships with a
setuid binary (crontab) so it opens up a vulnerability in the base install.

Among others (although one requires cron to be enabled):

* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097
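
Added example, not part of the original message or of any Arch package: a sketch of what replacing the /etc/cron.daily/logrotate dropin with a service and a persistent timer could look like. The unit names, descriptions and the ExecStart command line are assumptions; the two units would be installed as separate files.

```ini
# --- logrotate.service (hypothetical unit name) ---
[Unit]
Description=Rotate log files

[Service]
# oneshot: the job runs to completion and exits, like a cron dropin script
Type=oneshot
# Assumed command line; use whatever the existing cron.daily script runs
ExecStart=/usr/bin/logrotate /etc/logrotate.conf

# --- logrotate.timer (hypothetical unit name) ---
# A timer activates the service of the same name unless Unit= says otherwise
[Unit]
Description=Daily rotation of log files

[Timer]
# Takes over the schedule previously implied by /etc/cron.daily
OnCalendar=daily
# Run at activation if a trigger was missed while the machine was off
# (anacron-like); needs systemd >= 212 and only affects OnCalendar= timers
Persistent=true
# Let the trigger land anywhere within an hour after the calendar time
AccuracySec=1h

[Install]
WantedBy=timers.target
```

Once the timer is enabled with `systemctl enable logrotate.timer`, `systemctl list-timers` shows its last and next trigger times, which is a quick way to confirm that a missed run was caught up after boot.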