Scheduling tasks on Linux with Cron and Intune

Here’s a simple guide to setting up cron jobs on Linux devices that are managed with Intune. I’ll break down the basics of what cron jobs are and the steps to get them running. Plus, we’ll look at a few real-world examples to see how they work in action.

Table of Contents

Introduction to Task Scheduling

Task scheduling is a fundamental aspect of managing a Linux system. It allows us to automate the execution of scripts and commands at specified times or intervals. This automation is crucial for sysadmins and developers who need to ensure that essential tasks like backups, updates, and system maintenance are performed consistently and without manual intervention.

What is Cron?

Cron is a tool in Unix-like systems that lets us set up commands or scripts to run automatically at certain times and dates. It’s like setting an alarm clock for your computer to do tasks like updates, installations, or check-ups without you having to remind it each time.

Cron Syntax

Cron jobs are set up in a file called a crontab. The format for scheduling a job looks like this:

Each asterisk acts as a placeholder for time settings. You fill in numbers to tell your computer when to do a task, like setting an alarm clock for specific times and dates.

Crontab File

To edit the crontab file, use the command:

crontab -e

List of Active Scheduled Tasks:

crontab -l

Delete scheduled tasks:

crontab -r

Common Cron Jobs

This command runs a backup script located at /path/to/backup/script.sh at 1:00 AM every day.

0 1 * * * /path/to/backup/script.sh

This command updates the package lists for upgrades of packages that need upgrading, and then upgrades the packages, at 2:30 AM every day.

30 2 * * * apt-get update && apt-get upgrade

This command deletes all files within the directory /path/to/temp/files/ at midnight on every Sunday.

0 0 * * 0 rm -rf /path/to/temp/files/*

Deploying Shell Scripts with Intune

For a few months now, we’ve had the ability to send scripts to Linux devices that are managed by Intune. It’s a bit different from how we normally tweak settings, especially compared to what we’re used to with Windows and MacOS devices in the Settings Catalog. But it’s definitely doable – you can set up and manage your Linux device using these shell scripts. When you’re ready to deploy a script with Intune, here’s what you need to do. But first: Let’s walk through the settings Intune offers for this:

Execution context: Select the context the script is executed in. Your options:
- User (default): When a user signs in to the device, the script runs. If a user never signs into the device, or there isn’t any user affinity, then the script doesn’t run.
- Root: The script will always run (with or without users logged in) at the device level.
Execution frequency: Select how frequently the script is executed. The default is Every 15 minutes.
Execution retries: If the script fails, enter how many times Intune should retry running the script. The default is No retries.
Execution Script: Select the file picker to upload an existing Bash script. Only add .sh files.Microsoft has some sample Bash scripts at https://github.com/microsoft/shell-intune-samples/tree/master/Linux.
Bash Script: After you add an existing Bash script, the script text is shown. You can edit this script.

Source: Add custom settings to Linux devices in Microsoft Intune | Microsoft Learn

By using the execution frequency setting, you can easily set up scripts to run on a regular schedule, like every day or once a week. The purpose of this blog post is to walk you through three practical scenarios where scheduling cron jobs for specific days and times could be really useful.

Example Script

#!/bin/sh
# Description: This script adds a cron job to run "apt-get update" and "apt-get upgrade" every friday at 12:00 PM.

# Unique identifier for the cron job
CRON_JOB="0 12 * * 5 apt-get update && apt-get upgrade -y >/dev/null 2>&1"
CRON_MARKER="autoupdate_cron_job"

# Add cron job if it doesn't exist already
(crontab -l | grep -v "$CRON_MARKER" ; echo "#$CRON_MARKER"; echo "$CRON_JOB") | crontab -

Step by step explanation of the script

CRON_JOB: This variable holds the actual cron job command that is to be scheduled. It is set to run every Friday at 12 PM. The apt-get update && apt-get upgrade -y commands are used to update the package lists and upgrade all the packages silently without interaction. The >/dev/null 2>&1 part redirects both stdout and stderr to /dev/null, which means all output (including errors) will be discarded, ensuring the job runs silently in the background.
CRON_MARKER: This variable is a unique text string that will be used to identify the specific cron job in the user’s crontab. This is to ensure that the script doesn’t create duplicate cron job entries if it is run multiple times.
(crontab -l | grep -v "$CRON_MARKER" ; echo "#$CRON_MARKER"; echo "$CRON_JOB") | crontab -: This command sequence does the following:
- crontab -l: Lists the current cron jobs for the user.
- | grep -v "$CRON_MARKER": Pipes the list to grep and excludes (-v) any lines containing the CRON_MARKER. If the CRON_MARKER is not found, nothing is excluded.
- ;: This separates commands. After the grep command has run, the following echo commands are executed.
- echo "#$CRON_MARKER": This echoes the CRON_MARKER commented out (as a remark line) to serve as an identifier for the cron job.
- echo "$CRON_JOB": This echoes the actual cron job line to be added to the user’s crontab.
- | crontab -: Pipes the output of the previous commands (the existing cron jobs minus the marked job, followed by the new marked comment and the new job) to the crontab command, which sets the new list of cron jobs.

By running this script, the CRON_JOB will only be added if it is not already present in the crontab, preventing duplicates.

The script thus ensures the CRON_JOB is in the crontab without duplicating it. If the script is run multiple times, the CRON_MARKER ensures only one instance of the job is present.

How to deploy the script in Intune:

Follow this steps:

Head over to Intune Portal.
Once there, find and click ‘Devices’ on the menu to the left.
Look for the ‘Linux’ option and click it.
Now, find ‘Configuration Scripts’ and hit the ‘Add’ button to proceed.

Here are the settings I used:

Let’s dive into the settings I chose:

For the script to do its job, it needs the right permissions. That’s why the execution context is set to ‘Root’. This means the script will be run by a user with enough rights to make changes to the system packages for everyone using the system. If your script doesn’t need these high-level permissions, just pick ‘User’ instead. But remember, if you’re running as ‘Root’, you’ll need to give the green light for the settings on the device itself.

I’ve set the script to run every week – it’s the longest interval available. Ideally, I’d like the script to run just once and only repeat if there’s a hiccup, but that’s not an option right now. To work around this, I’ve included a unique identifier. This tells Intune, “Hey, this task has already been done,” to prevent the cron job from being duplicated each time the script is executed.

I’ve left execution retries at ‘No retries’. It’s the standard setting, and for this test, I don’t need it to try again if it fails the first time.

The script you’re deploying? It’s the one we talked about before.

After you run the script, it adds a cron job to the list. You can verify it’s there by typing

 sudo crontab -l

in the terminal:

If all is well, Intune should confirm that things are set up properly:

Just keep in mind, if you’re setting things up as ‘Root’, you’ll need to manually approve these settings on your device.

Conclusion

In conclusion, managing and deploying scripts with Intune on Linux devices is a straightforward process that can greatly enhance system management and automation. By following the simple steps outlined, you can schedule tasks to run on your devices at regular intervals, with the flexibility to execute as a standard user or with root privileges. With the execution context, frequency, and unique identifier in place, you’ll ensure your systems are running efficiently without the hassle of manual intervention. Always remember to approve your settings when running scripts as root, to maintain security and control over your Linux environment.