Configure user crontab entries using correct 5-field scheduling, control cron email behavior with output redirection and MAILTO, and verify the crontab helper’s setuid permissions so ordinary users can safely manage their own cron jobs.
You need to configure user cron jobs correctly, control email
output behavior for scheduled tasks, and verify the
crontab
tool’s permissions so ordinary users can edit their own
schedules without direct write access to cron spool files.
Cron failures are often silent. Correct schedules, explicit output handling, and basic permission validation prevent “it ran but I never saw it” incidents.
crontab -e
.
>> file
so stderr is still mailed.
MAILTO=...
to route cron mail for the entire crontab.
/usr/bin/crontab
is commonly setuid root (writes into protected cron spool
areas).
crontab -e
This opens your personal crontab in an editor. On first use,
it creates the file. You do not edit cron spool files
directly. The
crontab
command handles safe installation.
0 13 * * 5 date
Minute
0
at hour
13
(1 PM), any day-of-month, any month, day-of-week
5
(Friday). This is the standard 5-field format for user
crontabs.
* * * * * ~/foobar.sh >> ~/output.log
>>
appends standard output to the file. Standard error is not
redirected here, so stderr still triggers cron mail. This is
a useful pattern when you want a log for normal output but
still want error visibility.
* * * * * ~/foobar.shRemoving redirection means any output (stdout or stderr) becomes eligible for cron mail delivery (subject to MAILTO). This is a common troubleshooting move when you suspect a job is failing silently.
MAILTO=emma
Place
MAILTO=emma
near the top of the crontab. It sets the recipient for mail
generated by any job output in that crontab.
ls -l /usr/bin/crontab
Many systems ship
crontab
as setuid root so users can install their crontabs into
protected spool directories. In a long listing, the setuid
bit appears as an
s
in the user execute position.
-rwsr-xr-x 1 root root ... /usr/bin/crontab
Check
/etc/cron.allow
and
/etc/cron.deny
policy on the system. If access is restricted, only approved
users can create or edit crontabs.
Cron runs with a minimal environment. Use full paths, ensure the script is executable, and redirect output intentionally. If you redirected stdout, errors may still be mailed, and if mail is not configured you may see nothing.
MAILTO controls the recipient, but mail delivery still depends on a working local MTA configuration. Confirm mail tooling is present and logs show successful delivery.
Behavior varies by distribution and policy. If the binary is not setuid, user cron management may rely on different mechanisms. Treat it as a configuration/policy check and verify how cron is implemented on that system.
Remove test entries so you do not leave noisy schedules behind on shared lab hosts. You can either edit the crontab and delete the lines or clear the user crontab entirely.
crontab -e
# OR (destructive: removes the entire user crontab)
crontab -r
crontab -l
shows only the entries you intend to keep, or nothing at all
if you removed the crontab.
crontab -e
: Opens your user crontab for editing.
-e
: Edit (create if missing).
* * * * * <command>
: Cron schedule format: minute hour day-of-month month day-of-week.
MAILTO=<user>
: Routes cron mail for any job output to a specific user.
> file
: Redirects stdout to a file (overwrite).
>> file
: Redirects stdout to a file (append).
ls -l /usr/bin/crontab
: Shows permissions and ownership for the crontab binary.
s
: Setuid bit when shown in the user execute position (example:
-rwsr-xr-x
).
crontab -l
: Lists the current user crontab.
crontab -r
: Removes the current user crontab.
-r
: Remove (destructive).