In Linux, the crontab command is used to schedule execution of commands at certain time intervals whether it be hourly, daily, monthly or every x amount of minutes. This article is designed to show you the simple way of understanding crontab.
Understanding the fields:
# (Use to post in the top of your crontab)
# ------------- minute (0 - 59)
# | ----------- hour (0 - 23)
# | | --------- day of month (1 - 31)
# | | | ------- month (1 - 12)
# | | | | ----- day of week (0 - 6) (Sunday=0)
# | | | | |
# * * * * * command to be executed
We can see that if you include the field for command to be executed there are a total of six fields that can be used when setting up a cron job.
Setting up a cron job:
The first thing we want to do is open up the crontab. To do this, we need to execute the followingcommand:
root@foo~:# crontab -e
This will open crontab in the default editor on your system, which is usually Vi. To modify this editor, as root, execute the following command:
root@foo~:# export VISUAL=’nano -w’
Once inside the editor, you will want to refer to the fields above in order to schedule a cron job for the appropriate time. Here are some examples:
*/5 * * * * /home/adam/script.sh will execute script.sh every 5 minutes. This will set crontab every 5 minutes. 59 23 * * 1-5 /home/adam/script.sh will execute script.sh every day, monday through friday, at 11:59 p.m. 0 0 * * 0 /home/adam/script.sh will execute script.sh once a week. You could also specify @weeklyinstead of 0 0 * * 0.
0 23 1 * * /home/adam/script.sh will execute script.sh once a month, on the first, at 11:00 PM. You could also specify @monthly in place of 0 23 1 * *.
Example 1 Cleaning up Core Files
This example cleans up core files every weekday morning at 3:15 am:
To set up a forgotten password site:
1. Set up a separate PIA site on your web server. See GSC Document:613093.1 – How to install an additional PeopleSoft site. Applying this resolution would allow you to have two sites pointing to the same database, with one bypass signon enabled and in the other disabled. The only difference would be the URL where we would be specifying the site you want to access.
2. Set up a direct connection to the site, as in a link that leads right to it.
3. In the web profile, enable public access and specify a public user ID and password for automatic authentication.
4. This direct user should have limited access, as in only to the Email New Password component. Users go directly to it, and get a new password mailed.
5. Place a link to the forgotten password site, within the public portion of the PeopleSoft portal, or on another public website.
6. Notify your user community of the link.
The following steps below will help you in the actual setup of the permission list, role, and user that is used in this forgotten password process.
NOTE: Passwords that are generated by the Forgot Password function are always upper case.
WARNING: If you use a “superuser” account for your database (such as PS or VP1) be sure that you have another account that can access the security area before setting this process up because you may end up changing the password for that account. This could not only lock yourself out of your database while experimenting with this but everyone else too if that user is used to start your application server.
Additional Precautions: If you choose not follow the suggestion by PeopleBooks and use a second PeopleSoft site, for the forgot password link, but want to use the same site, there are a few things to keep in mind.
First: Starting with PeopleTools 8.18.xx patches and 8.42 PeopleSoft stopped allowing a hard coded user id and password in the url.
Second: This will affect Workflow Notification emails. If you are using bypass signon and only one PIA installation you will have an issue when it comes to workflow notification emails. They use the user ID to bypass the logon and the forgot password user will get an error when attempting this. See GSC Solution ID: 200763620 and 200752312 and incident 710193000. For PeopleTools 8.44 see Document:622190.1 – PT : 8.44 How to setup bypass signon?
Third: Also if you are using nVision drill downs and not using a different web profile for bypass signon, then you will also have issues where it will try to drill down as the bypass signon user, which is your forgotten password user and you will not have access. Therefore it is important that you setup a second PIA site specifically for the forgotten password setup AND use a different web profile for that site.
Steps to setting up the forgotten password link:
1a. Create a permission list called “MAILPSWD”.
1b. On the Pages tab of this Permission List you will need to authorize the component called EMAIL_PSWD. This is done by adding the Menu named MAINTAIN_SECURITY and hit edit component. Find the component called EMAIL_PSWD with the description Forgot My Password. Edit the pages and select all.
1c. Now go to the Component Interface tab of this same Permission List, add and give full access to the USERMAINT_SELF component.
1d. Now go to the Web Libraries tab of this same Permission List and add the WEBLIB_PORTAL and WEBLIB_PT_NAV web libraries edit and give FULL access to ALL iscripts. Save and go to step 2.
2. Create a Role called “Forgot Password”. This role will have only 1 permission list, the MAILPSWD permission list you just created. Add this Permission List and save.
3a. Create a new User called “FORGOTPASSWORD”. Create a password for this user and remember it, as it is case sensitive, and you will be using it again in step 9. The User ID Type for this user should be none and on the roles tab you will want to add the role you just created called “Forgot Password”.
3b. Now sign out and test singing on as this FORGOTPASSWORD user and see if you can logon.
4. Open the Permission List “ALLPANLS” (or whatever Permission List your users have in common maybe the WEBLIB permission list). On the General tab turn on the checkbox that says “Allow Password to be Emailed?” and save.
5a. Under PeopleTools > Security > User Profile > Forgot Password Hint. Add a new password hint (note the ID doesn’t matter – just use 01, 02, etc.). Pick some question that will have a fairly short answer like “What is your pet’s name?” or whatever you feel like.
5b. You also need to go under PeopleTools > Security > User Profile > Forgot My Password Email Text to add whatever comments you want returned on the email you are sending to users. You MUST also add < <%PASSWORD>> to the end, so something like this: Don’t let this happen again!< <%PASSWORD>> – and save.
6. Go to “My System Profile”. Note that, as the name implies, you will be updating the profile of whatever user you are currently logged in as.
7. Make sure that the email address for this user, and any other user profile who will be using this functionality, is filled in and points to an account that you can use to retrieve email from.
8. While still in the “My Profile click on the link “Change or set up forgotten password help”. Select the appropriate question to ask the user (this prompt list will list out any questions that you added in step 5. Then fill in the answer that will correctly answer the question. Note that this answer gets converted to all UPPERCASE. Make sure that you save the user profile. ALL Users will be required to set this up BEFORE they can use the Forgot Password link.
9. Use Notepad (or whatever editor you prefer) to edit the signin.html file in your web server directory that you installed PeopleSoft into. The filename will most likely be something like c:\bea\wlserver6.1\config\peoplesoft\applications\portal\web-inf\psftdocs\ps\signin.html or
You’ll find two lines that look like the following (hint: search for the string “pwd”)
and the following in tools 8.49 and above :
Insert a new line after the first one, so that you have something that looks like this:
NOTE- Please look at the attached document to see what the URL should look like.
If you don’t know what is the url you need to add before MAINTAIN_SECURITY, navigate to PeopleTools–>Security–>User Profiles, and open any content reference in this menu. All the components referenced are in the MAINTAIN_SECURITY menu and therefore they have same url than EMAIL_PSWD.GBL. So copy/paste the URL before MAINTAIN_SECURITY to your link.
NOTE – Starting with PeopleTools 8.41.05 stopped allowing a hard coded user id and password in the url. Forgot password has a url with user id and password in url. You therefore MUST update the configuration.properties file with the following settings:
HOWEVER for PeopleTools 8.44 or greater this process has changed and is no longer done in the configuration.properties file but done online using allow public access in your web profile settings. See Document:622190.1 – PT : 8.44 How to setup bypass signon. In 8.44 and greater you will want to do the following steps:
1. Create a new webprofile called FORGOTPASSWORD
2. Set that webprofile to bypasssignon.
3. In your second PIA site make sure you are using the FORGOTPASSWORD web profile in your configuration.properties file for that site.
Save the files and bounce your web server.
NOTE: The URL in the signin.html SHOULD BE ‘psp’. psc was used in Peopletools 8.1x and will not work for the portal.
You may get also get a menu with an error message saying, First operand of . is NULL, so cannot access member Count (2,236) At PT_NAV.NavPortal.OnExecutFindFilterName PCPC:8156 Statement 197.
Or and error that says “You are not Authorized to access this page” with the user listed on the page.
This is because you do not have any menu access to the portal. You will not get this error if there are any portal folders marked as public on the security tab of the folders in the portal structure & content however you will also see folders to which you have no access to anything other than see them.
To fix this issue you need to navigate to PeopleTools > Portal > Structure & Content and edit the Tools-Hidden folder. If you click on the security tab you will notice that your Permission list (MAIL_PSWD) is not listed there. You will need to add it to this hidden folder to get the link to work correctly. It can be added by either running the Portal Security Synch process, or by opening the permission list in question, removing the page access, saving the permission list, then adding the page access back and saving. This will update the portal structure with the correct permission list access. Note that there is no left navigation to this page or menu as it is located in a hidden folder in the portal.
10. Go to the signon page. You should now see a hyperlink right below the password box that says, Forgot your password? Clicking on this link will give you a page that allows you to input your user id. Type in whatever user id that you were logged in as when you did the My Profile stuff.
11. Then you will be presented with the question that you setup for this user. Type in the correct answer and then you will get the password mailed to you.
12. Use the new password to logon.
Addition Comments: If you get any errors when setting this up please go back and check the following:
Permission List – Forgot My Password – Email_Pswd -> Full Access
Component Interface – USERMAINT_SELF -> Full Access
Check to make sure your SMTP setting are correct on the app server. Otherwise you will get an error that an email cannot be sent to this user. Also make sure ALL users have valid email addresses in their user profiles.
NOTE: If you are using Password controls be sure to set the LASTPSWDCHANGE field in the PSOPRDEFN table for the user you created ‘ForgotPassword’ to a future date so it’s password does not expire, otherwise this user will not be able to logon to get to the hint page for the user trying to get a new password (See Document:611621.1 -E-SEC: Can you control which users have password controls?)
If you are using the Enterprise Portal then in order to get the forgotten password user to be able to logon without having the left hand menu access, or without having to give the user the PAPP_USER role, you will want to navigate to PeopleTools > Portal > Structure & Content and drill down on the Tools – Hidden folder. Open the Forgot my password Cref and click on the No Template checkbox half way down on the general tab. This will take the user directly to this page and not allow the portal navigation.
NOTE: There is no windows client option here, this is web based only. The forgotten password functionality is setup using the web server and bypass signon. The client does not use the web server. For client users, the user could always logon through the web, change their password then go into the client.
You can use PeopleSoft Data Mover in one of the following modes: user or bootstrap.
User (Regular) Mode
Most of the time you will sign onto PeopleSoft Data Mover in user mode. To do this, you simply enter your PeopleSoft user ID (like PS or VP1) and password at the signon screen.
At times, you need to signon on to PeopleSoft Data Mover in bootstrap mode, which means using the database access ID (like SYSADM or sa) and password at the signon screen. Typically, using bootstrap mode is necessary for database loading because there are no PeopleSoft security tables established yet. Bootstrap mode is also used for running some security commands, such as, ENCRYPT_PASSWORD.
In bootstrap mode, the following commands are not valid: EXPORT, RENAME, and REPLACE_VIEW
We can verify if PIA and load balancer are setup correctly with the following checklist:
1. For customers that use a load balancer, Oracle recommends using a cookie (session) based load balancer and sticky bits enabled. For more information on cookie based load balancing and sticky bits, please follow up with your load balancer vendor.
** If you’re running Enterprise Portal and have content providers, please ensure that all Enterprise Portal webserver cookie name are all exactly the same. The content provider’s webserver cookie names should have their own set of cookie names. Therefore, both Portal and content should not have the exact same cookie name. Suppose Enterprise Portal had 4 webservers and HR had 4 webservers. All 4 Enterprise Portal cookie names could be eportal-7011-PORTAL-PSJSESSIONID, but all 4 HR cookie names could be hrms-7011-PORTAL-PSJSESSIONID.
3. In weblogic.xml, ensure CookieDomain is set in all weblogic.xml. This value is automatically set when entering the authentication domain during the PIA install. If the authentication domain isn’t set during PIA install, please reinstall PIA and set authentication domain.
4. In PIA, navigate to “PeopleTools -> Web Profile -> Web Profile Configurations”. Search for your Web Profile. Click on
Virtual Address and populate your default addressing. For example, suppose your end users access your load balancer with the following URL:@http://mycompany.com/ps/signon.html You would need to set the following:
* The above is an example. You’ll need to populate with your load balancer info.
5. Please ensure PIA “Inactivity Logout” in seconds matches HTTP timeout in minutes.
a) In PIA, navigate to “PeopleTools -> Web Profile -> Web Profile Configurations”. Search for webprofile. Click on “Security” tab. PIA timeout is “Inactivity Logout” in seconds. Suppose “Inactivity Logout” = 1200 seconds.
b) In WebLogic, open web.xml file. This file can be found in the following directory:
In this example, ensure WebLogic HTTP timeout is 20 minutes to match “Inactivity Logout” (1200 seconds).
The Load Balancer’s timeout should be higher than the PIA “Inactivity Logout” timeout and webserver HTTP timeout. Please consult with load balancer vendor to find out where to set load balancer timeout.
6. After updating weblogic.xml, web.xml and webprofile, you must bounce your webservers.
Drivestream is a Global Management and Technology Consulting Services company. We provide both strategic advice and tactical support for implementing, developing, upgrading and maintaining Transaction Management & Information Management Business Applications and have been in business since 2002.
Visit us at www.drivestream.com