Scheduling a Single System Task (at)

The following sections describe how to use the at command to perform the following tasks:

• Schedule jobs (command and scripts) for execution at a later time

• How to display and remove these jobs

• How to control access to the at command

By default, users can create, display, and remove their own at job files. To access at files that belong to root or other users, you must have superuser privileges.

When you submit an at job, it is assigned a job identification number along with the .a extension. This designation becomes the job's file name, as well as its queue number.

Description of the at Command

Submitting an at job file involves these steps:

1. Invoking the at utility and specifying a command execution time.

2. Typing a command or script to execute later.

   ---

   Note - If output from this command or script is important, be sure to direct the output to a file for later examination.

   ---

For example, the following at job removes core files from the user account smith near midnight on the last day of July.

$ at 11:45pm July 31
at> rm /home/smith/*core*
at> Press Control-d
commands will be executed using /bin/csh
job 933486300.a at Tue Jul 31 23:45:00 2004

Controlling Access to the at Command

You can set up a file to control access to the at command, permitting only specified users to create, remove, or display queue information about their at jobs. The file that controls access to the at command, /etc/cron.d/at.deny, consists of a list of user names, one user name per line. The users who are listed in this file cannot access at commands.

The at.deny file, which is created during SunOS software installation, contains the following user names:

daemon
bin
smtp
nuucp
listen
nobody
noaccess

With superuser privileges, you can edit the at.deny file to add other user names whose at command access you want to restrict.

How to Create an at Job

1. Start the at utility, specifying the time you want your job executed.

   $ at [-m] time [date] 

   -m

   Sends you email after the job is completed.

   time

   Specifies the hour that you want to schedule the job. Add am or pm if you do not specify the hours according to the 24-hour clock. Acceptable keywords are midnight, noon, and now. Minutes are optional.

   date

   Specifies the first three or more letters of a month, a day of the week, or the keywords today or tomorrow.

2. At the at prompt, type the commands or scripts that you want to execute, one per line.

   You may type more than one command by pressing Return at the end of each line.

3. Exit the at utility and save the at job by pressing Control-D.

   Your at job is assigned a queue number, which is also the job's file name. This number is displayed when you exit the at utility.

Example 8-7 Creating an at Job

The following example shows the at job that user jones created to remove her backup files at 7:30 p.m. She used the -m option so that she would receive an email message after her job completed.

$ at -m 1930
at> rm /home/jones/*.backup
at> Press Control-D
job 897355800.a at Thu Jul  12 19:30:00 2004

She received a email message which confirmed the execution of her at job.

Your “at” job “rm /home/jones/*.backup”
completed.

The following example shows how jones scheduled a large at job for 4:00 a.m. Saturday morning. The job output was directed to a file named big.file.

$ at 4 am Saturday
at> sort -r /usr/dict/words > /export/home/jones/big.file

How to Display the at Queue

• To check your jobs that are waiting in the at queue, use the atq command. This command displays status information about the at jobs that you have created.

  $ atq

How to Verify an at Job

• To verify that you have created an at job, use the atq command. In the following example, the atq command confirms that at jobs that belong to jones have been submitted to the queue.

  $ atq
  Rank      Execution Date     Owner     Job         Queue   Job Name
    1st   Jul 12, 2004 19:30   jones  897355800.a     a     stdin
    2nd   Jul 14, 2004 23:45   jones  897543900.a     a     stdin
    3rd   Jul 17, 2004 04:00   jones  897732000.a     a     stdin

How to Display at Jobs

• To display information about the execution times of your at jobs, use the at -l command.

  $ at -l [job-id]

  where the -l job-id option identifies the identification number of the job whose status you want to display.

Example 8-8 Displaying at Jobs

The following example shows output from the at -l command, which provides information on the status of all jobs submitted by a user.

$ at -l
897543900.a    Sat Jul 14 23:45:00 2004
897355800.a    Thu Jul 12 19:30:00 2004
897732000.a    Tue Jul 17 04:00:00 2004

The following example shows the output that is displayed when a single job is specified with the at -l command.

$ at -l 897732000.a
897732000.a        Tue Jul 17 04:00:00 2004

How to Remove at Jobs

Before You Begin

Become superuser or assume an equivalent role to remove an at job that belongs to root or another user. Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

You do not need to become superuser or assume an equivalent role to remove your own at job.

1. Remove the at job from the queue before the job is executed.

   $ at -r [job-id]

   where the -r job-id option specifies the identification number of the job you want to remove.

2. Verify that the at job is removed by using the at -l (or the atq) command.

   The at -l command displays the jobs remaining in the at queue. The job whose identification number you specified should not appear.

   $ at -l [job-id]

Example 8-9 Removing at Jobs

In the following example, a user wants to remove an at job that was scheduled to execute at 4 a.m. on July 17th. First, the user displays the at queue to locate the job identification number. Next, the user removes this job from the at queue. Finally, the user verifies that this job has been removed from the queue.

$ at -l
897543900.a    Sat Jul 14 23:45:00 2003
897355800.a    Thu Jul 12 19:30:00 2003
897732000.a    Tue Jul 17 04:00:00 2003
$ at -r 897732000.a
$ at -l 897732000.a
at: 858142000.a: No such file or directory

How to Deny Access to the at Command

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Edit the /etc/cron.d/at.deny file and add the names of users, one user name per line, that will be prevented from using the at commands.

   daemon
   bin
   smtp
   nuucp
   listen
   nobody
   noaccess
   username1
   username2
   username3
   .
   .
   .

Example 8-10 Denying at Access

The following example shows an at.deny file that has been edited so that the users smith and jones cannot access the at command.

$ cat at.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess
jones
smith

How to Verify That at Command Access Is Denied

• To verify that a username was added correctly to the /etc/cron.d/at.deny file, use the at -l command while logged in as the user. If the user smith cannot access the at command, the following message is displayed.

  # su smith
  Password:
  $ at -l
  at: you are not authorized to use at.  Sorry.

  Likewise, if the user tries to submit an at job, the following message is displayed:

  $ at 2:30pm
  at: you are not authorized to use at.  Sorry.

  This message confirms that the user is listed in the at.deny file.

  If at command access is allowed, then the at -l command returns nothing.