Passing Standard Input To Commands In Crontab

Using Standard Input with Cron Jobs

Cron jobs scheduled by the crontab utility allow system administrators to automate common tasks like backups, log rotations, and more. While cron jobs normally operate independently without user input, there may be cases where passing dynamic data into a cron command is helpful.

For example, an administrator could create a cron job that compresses log files daily. Rather than compressing a hardcoded set of logs, it can be useful to generate the list programmatically. This allows compressing logs from new or transient services without needing to continually update the crontab entry.

There are several methods available for passing standard input to cron commands at runtime. These include piping data from other commands, using here documents, redirecting input from files, or specifying inline input when defining the crontab entry.

Sending Data to Cron Commands

Pipe Operator

A common method for sending data to Linux commands is with the pipe operator (|). This pipes the standard output from one program into the standard input of another.

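For example, rather than compressing a fixed set of log files, an administrator could pipe the output of ls through xargs to gzip to compress all log files in a directory:

0 0 * * * ls /var/log/*.log | xargs gzip -c > /backups/logs-$(date +\%F).gz

This passes the list of log files in /var/log/ to gzip and writes their compressed contents to a dated file each day. Any new logs added to that directory are picked up automatically without updating the cron entry itself. The % in the date format is written as \% because cron treats an unescaped % in the command field as a newline and sends everything after the first one to the command as standard input.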

Here Document

Another option is using a here document, or heredoc, to pass standard input. A here document allows redirecting multiple lines of input text to a command.

For example, to back up specific directories and databases, an administrator could define the list inline:

0 2 * * * tar -cvzf /backups/mybackup-$(date +\%F).tar.gz <

This would back up the listed directories by passing each one as input to the tar command when executed. As requirements change, directories can be added or removed from the heredoc without altering the crontab definition itself.

Cron Configuration

STDIN Redirect

In addition to piping data from other commands, crontab entries can explicitly redirect standard input from a file using <. For example, to rotate logs based on a dynamically generated list:

0 3 * * * /scripts/logrotate.sh < /tmp/logs_to_rotate.txt

Here /tmp/logs_to_rotate.txt lists the logs to rotate, one per line, so the log rotation script does not need fixed log names.

Inline Input

If the input data is simple, administrators can also specify it inline within the crontab entry.

For example, to compress a select set of log files:

30 2 * * * gzip access.log event.log trace.log

This passes the named log files to gzip as command-line arguments written directly in the crontab entry. Inline input works for simple cases but does not scale as well as other approaches.

Security Considerations

Validation

When passing external input to cron jobs, be sure to validate the data carefully. Malformed input could lead to unintended consequences like deleting important files or overwriting databases.

In most cases input should come from trusted sources like the system itself or administrator-defined lists. Be suspicious of any user-supplied input.
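
One way to apply this validation to the list that the STDIN Redirect entry feeds to /scripts/logrotate.sh, as an added example that is not part of the original article: the function reads candidate paths from standard input and passes on only regular .log files that really live under an allowed directory. The names filter_log_paths and ALLOWED_ROOT are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article: validate a list of log paths read from
# standard input before a cron-driven script acts on it.
# filter_log_paths and ALLOWED_ROOT are hypothetical names for this example.
LC_ALL=C; export LC_ALL                    # byte-wise character classes
ALLOWED_ROOT="${ALLOWED_ROOT:-/var/log}"   # directory the article's jobs use

# Print accepted paths on stdout and rejects on stderr.
# Returns 0 if every line passed, 1 if any was rejected, 2 if the root is bad.
filter_log_paths() {
    root=$(cd "$ALLOWED_ROOT" 2>/dev/null && pwd -P) || return 2
    rc=0
    while IFS= read -r p || [ -n "$p" ]; do
        [ -n "$p" ] || continue
        why=
        case "$p" in
            *[!A-Za-z0-9_./-]*) why="unexpected character" ;;
            */../*|*/..)        why="parent-directory component" ;;
            "$root"/*.log)      ;;
            *)                  why="outside $root or not *.log" ;;
        esac
        if [ -z "$why" ]; then
            if [ -L "$p" ] || [ ! -f "$p" ]; then
                why="symlink or not a regular file"
            else
                # Resolve the parent so a symlinked directory cannot lead out.
                dir=$(cd "$(dirname "$p")" 2>/dev/null && pwd -P) || dir=
                case "$dir/" in
                    "$root"/*) ;;
                    *) why="resolves outside $root" ;;
                esac
            fi
        fi
        if [ -n "$why" ]; then
            printf 'rejected (%s): %s\n' "$why" "$p" >&2
            rc=1
        else
            printf '%s\n' "$p"
        fi
    done
    return "$rc"
}
```

Filtering does not replace protecting the list itself: a file in a world-writable directory such as /tmp can be replaced between runs, so keep it in a directory only the job's owner can write to.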

Permissions

Also restrict cron access with user permissions. Many distributions default to fairly open cron access for simplicity. However, in security-sensitive environments, consider creating a dedicated cron user and restricting crontab access.

At minimum, ensure that any files used as standard input have read permissions locked down using ACLs. Validate that scripts and commands executed by cron have only the privileges they need, so that any vulnerability has reduced impact.

Usage Examples

Log Rotation

A common cron automation task is log rotation. This compresses and archives older log files to save disk space.

For example, to rotate system logs:

0 0 * * * /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf

This runs the logrotate command daily, passing in the standard logrotate.conf. logrotate takes its configuration file as a command-line argument rather than on standard input, so no pipe is needed. The -s flag tells logrotate where to save its state between runs.

Automated Backups

Here documents provide an easy way to define backup lists for cron jobs.

30 2 * * * bash /scripts/db_backup.sh <

This would trigger the db_backup.sh script daily, passing the list of MySQL and PostgreSQL databases to back up. The script itself could iterate through standard input and invoke database-specific backup utilities.
