How to set up crontab permissions to be readable by apache

Question

I have a django application which should read and write to a crontab. However if I create the file with this:

sudo su www-data
crontab -e

I can see that:

# ls -la
total 12
drwx-wx--T 2 root     crontab 4096 Aug 13 16:28 .
drwxr-xr-x 5 root     root    4096 May  1  2012 ..
-rw------- 1 www-data crontab  202 Aug 13 16:28 www-data

However the file is still not readable and writeable by django. If I switch with sudo to www-data user I can't edit the file. How to setup the permissions properly?

Answer 1

You are not allowed to read that dir, for good reason.

You can however:

1. Read the file with crontab -l
2. Replace the crontab with crontab /path/to/file/which/will/replace/it.

So a workable solution would be:

1. Store current crontab -l in some tempfile.
2. Do you modifications on that tempfile
3. Install that tempfile with crontab /path/to/tempfile

The reason is in man cron:

Users are not allowed to edit the files under that directory directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that specific group.