Is it possible to store user’s crontab in user’s git repository on OpenBSD

crongitopenbsdversion control

On OpenBSD and with OpenBSD's cron and crontab, is it possible to store the crontab(5) of a user in a git repository of the same user?

What would be the proper way to accomplish something like this?

(To steer the answer into the correct direction, I would not be opposed to changing some permissions in the system, although I'd rather not have to recompile the binaries, nor violate any good security paradigms.)

Best Answer

All users' crontabs are stored in a single directory, and users can't access that directory directly, they need to use the privileged command crontab.

Instead of storing the actual crontab file in version control, write a commit hook that runs crontab to push the latest version.

crontab "$HOSTNAME.crontab"

The simplest hook would be a post-commit hook. Run git rev-parse --abbrev-ref HEAD to find the current branch and git show --format=format: --name-status HEAD.

#!/bin/sh
commit=$(git rev-parse HEAD)
branch=$(git rev-parse --name-status "$commit")
git show --format=format: --name-status "$commit" |
while read -r status filename; do
  if [ "$branch" = "master" ] &&
     [ "$status" = "A" -o "$status" = "M" ] &&
     [ "$filename" = "crontabs/$HOSTNAME.crontab" ]; then
    crontab "$filename"
  fi
done

This doesn't handle merges or rebases, and doesn't register anything in the history if crontab fails. There's a bit of a paradigm clash here since git fundamentally has multiple branches but there's only a single crontab on a given machine at any given time. For added robustness, you might prefer to have a dedicated branch for live crontabs, and merge to that branch when you change the crontab file on your working branch.

Best Answer

Related Solutions

How to peek at the output of a running crontab task on OpenBSD

File permissions when removing user from git

Related Question