Help killing cron runs

Get the 3rd-party utility "Cronnix" (http://www.abstracture.de/projects-en/cronnix) and use it to see where the cron job is coming from.

I have an interesting problem related to (but different from) this thread.

I have a script that is run on my user cron which I discovered after much testing is running TWICE. It was running once at 4:00 am and once at 4:05 am. I do not want it to do this. I changed the 4:00 am one to 3 pm (0 15), and found that indeed, the 4:05 job was still running.

I have used both cronnix and crontab -l in terminal and determined the following facts:

1. right now only the 0 15 (3 pm) is in my user cron (for that script)

2. it IS in another user's crontab, BUT that job is scheduled for 05 20 (ie, not 0 4) and never runs on MY user. (do other user's crons run when they aren't logged in?)

3. it is not in my system cron (cat /etc/crontab)

What else could be running the script at 04:05 am?

A. I remember trying to look at launchd with the GUI Lingon, but never setting anything -- so I relaunched Lingon and found that indeed there were no my agents or user agents listed (one user daemon but not the one in question).

B. I've never used iCal to schedule scripts.

(see this thread:
http://forums.macosxhints.com/showthread.php?t=52502&highlight=cron)

it IS in another user's crontab, BUT that job is scheduled for 05 20 (ie, not 0 4) and never runs on MY user. (do other user's crons run when they aren't logged in?)
I would think they do. You should do an experiment to find out - e.g. have a crontab job that writes a file and then look later to see if that file is there.

What else could be running the script at 04:05 am?
Perhaps the 'at' or 'batch' facility? But these are disabled by default in OS X.

Are you sure it is running under your user account?
You should be able to see the parent process via 'ps' - is it 'cron' ?

Note also that there is the possibility that the job is started by root and then switched to run under your account.

What is this cron job? Is it something that the system might have installed or is it something that you created?

this cron job is a script inside a package AS Studio application which I developed. so i know what cron entry the application is supposed to install and from everything i can tell is installed as it should. but whey it is running twice is beyond me.

the only way i could check the parent process is if i was awake at 4:05 am, no?

if this job somehow is started by root, how can i see it?

I guess i'm asking what other possible users could have a crontab that might run while i'm logged in to a normal admin account?

EDIT:

I found it: /var/cron/tabs/root !

i have no idea how it got on my root crontab. now how do i edit a root crontab?

EDIT 2:

well i deleted that entry in root user using cronnix, to be safe. still not sure how it got there or whether it's smart to edit that root crontab. btw, why is there a root crontab in addition to the system one at /etc/crontab? and how would one normally edit either in terminal? (ie, as for user type crontab -e ??)

I found it: /var/cron/tabs/root !

i have no idea how it got on my root crontab. now how do i edit a root crontab?
You should be able to do this via Cronnix.

But do you have the 'root' user enabled? You shouldn't.
Disable it via the Security menu in NetInfo Manager.

yes i do have the root user enabled. isn't it advantageous to do so in case of emergencies to be able to log on as root? can you use sudo if root isn't enabled in terminal? why wouldn't you want it enabled as long as you're sure the password is not hackable? my root password is a long phrase i have memorized that isn't written down anywhere. simply not guessable or brute-force hackable.

yes i do have the root user enabled. isn't it advantageous to do so in case of emergencies to be able to log on as root?
I don't think so. You can (and should) use single-user mode in case of extreme emergency. It would be better to keep a second admin account if you are worried that your usual admin account might get corrupted.
can you use sudo if root isn't enabled in terminal?
Yes - see this Unix FAQ (http://forums.macosxhints.com/showthread.php?t=40648) for more details.