I have a raspberry pi zero with a python script located in
/home/pi/Documents/camProject
that writes the date and time to a log.txt file.
import datetime
import json
now = datetime.datetime.now()
now = str(now)
with open('log.txt','w') as f:
json.dump(now, f)
print('script complete')
print(now)
I can call and execute the script from the console when I am standing in camProject folder.
pi#raspberrypi:~/Documents/camProject $ sudo python3 "/home/pi/Documents/camProject/test.py"
script complete
2020-10-17 08:39:46.238224
I want this test.py script to run on every reboot, so from the command console I did
sudo crontab -e
In the bottom of the crontab script I wrote
#reboot sudo python3 "/home/pi/Documents/camProject/test.py"
Upon reboot the raspberry pi device nothing happened and the date is not written into the log.txt file. I have tried executing
sudo python3 "/home/pi/Documents/camProject/test.py"
from my home directory
/home/pi
and I see the print out from my test.py in the console but the log.txt is not updated. However, if I execute the same script from the folder where test.py is located, everything works fine. I then checked the permission and in my camProject folder
pi#raspberrypi:~/Documents/camProject $ ls -l
totalt 20
-rwxrwxrwx 1 pi pi 66 okt 17 00:00 camVision.py
-rwxrwxrwx 1 pi pi 28 okt 17 08:50 log.txt
-rwxrwxrwx 1 pi pi 167 okt 17 08:33 test.py
-rwxrwxrwx 1 pi pi 115 okt 17 07:45 test.pyc
drwxrwxrwx 2 pi pi 4096 okt 16 14:50 Video
I guess the problem is related to log.txt is not writeable when test.py is executed from command console when the execution happened to be outside the camProject folder and therefore not by crontab either. I don't know how to fix this problem?
Your program creates the file in the current working directory. cron jobs run in the invoking user's home directory; thus your cron job writes the file in the home directory of root (probaby /root on Debian-based platforms).
Once you create a file as root, it is only writable by root (unless you specifically set permissions to make it world-writable, or assign write access to a specific user group)
Probably change your script to write to /home/pi/log.txt (if that's where you want the file) and make sure the file already exists, or maybe switch to the pi user before creating it if you are running as root. (Once the file exists with the correct owner and permissions, root can append to it without changing the owner or permissions.)
Tangentially, there is no need to use sudo in a cron Job which is already running with full root privileges.
Related
I am trying to run a python3 script to check email for a certain condition, every day at a certain time.
I can see crontab invokes the commands, but the scripts does not give me the result I need, I.e. doesn't seem to run. I can see the cron execution in the syslog:
Aug 3 16:25:01 raspberrypi /USR/SBIN/CRON[4597]: (pi) CMD (cd /home/pi/pythonscripts )
Aug 3 16:25:01 raspberrypi /USR/SBIN/CRON[4598]: (pi) CMD (sudo python3 dfj_gmail_test_v1g.py > /home/pi/pythonscripts/cronlog.log)
Aug 3 16:25:02 raspberrypi /USR/SBIN/CRON[4595]: (CRON) info (No MTA installed, discarding output)
The python script need to run, check gmail and if a certain email is found with a certain subject, it should turn on a LED through GPIO on my raspberry, it more a test for me than anything else. If I run the script from the command line itself (using the lines as in my crontab,) the script does the check and light the led. so the script itself is good. Any ideas on how to get more info on why the python script doesnt work through cron?
If need I can add the python 3 code
It seems you have two different cron jobs, one doing
cd /home/pi/pythonscripts
and the other
sudo python3 dfj_gmail_test_v1g.py > /home/pi/pythonscripts/cronlog.log
Those are independent jobs, the first one won't affect the second one, so the working directory for the second job will not be changed and the script will not be found. If you want this to work, you need to use a single command for both, e.g:
cd /home/pi/pythonscripts && sudo python3 dfj_gmail_test_v1g.py > /home/pi/pythonscripts/cronlog.log
Or give the fully qualified path to the python file if the working directory doesn't really matter:
sudo python3 /home/pi/pythonscripts/dfj_gmail_test_v1g.py
Also, instad of using sudo from a crontab, consider using the root user's contab directly. And you should redirect stderr and stdout to your logfile, that will give your more detailled output in case of an error, e.g.:
... > /home/pi/pythonscripts/cronlog.log 2>&1
Or install a MTA, then the output of cront jobs will be sent to the owner as email.
Hope someone can help me out here.
I've written a python script that I want to run under CRON every 5 minutes.
In keeping with the general security practice of least privilege, I:
created a user "custom" to use for custom scripts
created a group "custom" (don't want anything running under nobody to have
access) and;
put the script (monitor) in /home/custom/bin
The shebang in the script is:
#!/usr/bin/env python2.7
The only permission given to user custom is:
Inherited from Name Description Action
User - System: Shell account access Indicates whether the user is able to login for example via SSH.
Running the script with the command /home/custom/bin/monitor from the command line works regardless of the current working directory.
I tried doing cd / first to make sure it wasn't a path issue, and the script ran correctly.
The script writes 2 files on the first run, and subsequent runs append to those files in the directory /home/custom/bin/mondata
I installed the CRON package and created the following entry:
*/5 * * * * custom /home/custom/bin/monitor
(There doesn't seem to be an "Apply Changes", so I'm assuming that I don't need to reboot or do anything to load the changes.)
(The above entry and many others are displayed in the WebGUI, and I know that several of those other cron jobs are running.)
After waiting for enough time for the script to run, I checked for output and there was nothing.
Changing custom to root for testing purposes (Just in case the issue was a permission problem) doesn't fix the problem.
Here are the relevant file permissions:
[2.3.2-RELEASE][custom#local]/home/custom/bin: ls -laR ~
total 52
drwxr-xr-x 4 custom nobody 512 Aug 7 00:14 .
drwxr-xr-x 4 root wheel 512 Jul 27 15:24 ..
drwxr-xr-x 3 custom custom 512 Aug 7 00:14 bin
/home/custom/bin:
total 20
drwxr-xr-x 3 custom custom 512 Aug 7 00:14 .
drwxr-xr-x 4 custom nobody 512 Aug 7 00:14 ..
drwxrwx--- 2 custom custom 512 Aug 7 00:07 mondata <-Script output goes here
-rwxr-xr-x 1 custom custom 4663 Aug 5 22:44 monitor <-The script
/home/custom/bin/mondata:
total 8
drwxrwx--- 2 custom custom 512 Aug 7 00:07 . <-NO OUTPUT! (I deleted the files manually after successful tests)
drwxr-xr-x 3 custom custom 512 Aug 7 00:14 ..
I checked for an error message in: Status / System / Logs / System / General - Nothing found.
I even tried temporarily changing the permissions on /home/custom/bin/mondata to 777 and setting the cron user to root
(totally unacceptable security practice just for testing, but even that didn't work.)
I have no way of knowing if the script is running and the file writes are being denied for some reason, or if the script isn't running at all.
BTW, where is the cron tab? When I run crontab -l as root, I get crontab: no crontab for root, but I KNOW cron jobs are running.
(I have the daily mail report running.)
Any suggestions - even for troubleshooting to know if the script is running would be helpful.
Thanks.
The issue was that python was not executing.
The so called "portable" shebang that worked at the command line -
#!/usr/bin/env python2.7
- DOES NOT WORK from cron.
I created the following file as /home/custom/bin/tcron
#!/usr/bin/env python2.7
import os
os.system('/usr/local/bin/minicron')
When run from the command line, it put the minicron error into the log every time it is run, but did nothing when run from cron.
I changed #!/usr/bin/env python2.7 to #!/usr/local/bin/python2.7, and now it works.
I don't know if this is intentional that #!/usr/bin/env python2.7 doesn't work from cron, but for now I'm not going to worry about it.
I hope by documenting this it might save somebody else the same trouble, and if it's a bug that should be reported, someone who knows how to do that will do so.
I have a VPS with Nagios installed, and I want to use Nagios to monitor the VPS resources in the /proc/user_beancounters file. The file has the following permissions:
-r-------- 1 root root 0 Oct 26 15:53 /proc/user_beancounters
So I downloaded the script from the Nagios Exchange:
https://exchange.nagios.org/directory/Plugins/Operating-Systems/*-Virtual-Environments/OpenVZ/check-beancounters/details
In the instructions it suggests to:
don’t forget to set the s-bit (chmod +s check_UBC.pl)
So, I copied the script over, and set the s-bit, then run it from the terminal as root. It works as expected. I then delete the temp file it created, su into the nagios user, and run the script. It works as expected. I delete the temp file it created, and start up Nagios. It can't read the /proc/user_beancounters file! The exact error I get, helpfully, is "could not read /proc/user_beancounters". This is, I believe, thrown by the line in the Perl script:
if (! open IN, "<", $UBC )
{
print "could not read $UBC\n";
exit $ERRORS{'CRITICAL'};
}
My OS is CentOS release 6.2 (Final).
My first thought is that it is some kind of SELinux voodoo, but there is no indication that SELinux is running on this server. Just in case, I tried the following:
echo 0 > /selinux/enforce
But this made no difference.
For reference, this is my nagios service running:
nagios 12939 0.0 0.0 203652 3404 ? Ssl 15:39 0:00 /usr/sbin/nagios -d /etc/nagios/nagios.cfg
And this is where I've put the Perl script:
-rwsr-sr-x 1 nagios nagios 2934 Oct 26 15:37 check_UBC.pl
Any suggestions as to what else I can try?
PS apologies if this should go in a different SE site - never sure with questions that involve scripts, permissions etc...
UPDATE 1
I created a shell script to see if I could 'emulate' the nagios service. It is extremely simple:
#!/bin/bash
/usr/lib64/nagios/plugins/check_UBC.pl
And now I have the following permissions:
-rwsr-sr-x 1 root root 2934 Oct 26 15:37 check_UBC.pl
-rwxrwxrwx 1 root root 51 Oct 26 19:29 check_UBC.sh
As root:
[root#/usr/lib64/nagios/plugins]$ ./check_UBC.pl
everything is fine..
[root#/usr/lib64/nagios/plugins]$ ./check_UBC.sh
everything is fine..
As nagios:
-bash-4.1$ ./check_UBC.pl
everything is fine..
-bash-4.1$ ./check_UBC.sh
everything is fine..
So still no clue...
UPDATE 2
My nagios command definition:
define command{
command_name check_beancounters
command_line $USER1$/check_UBC.pl
}
And the service definition:
define service{
use local-service
host_name localhost
service_description VPS Beancounters
check_command check_beancounters
}
UPDATE 3
I managed to get it to work, but am not over the moon about giving the nagios user full sudo access with no password. In /etc/sudoers I put this on the last line:
nagios ALL=(ALL:ALL) NOPASSWD: ALL
And then changed my command definition to:
define command{
command_name check_beancounters
command_line sudo $USER1$/check_UBC.pl
}
Apparently recent versions of linux will not respect the +s permission when running an interpreted script, only a binary. So I guess I will have to compile a binary wrapper for the script?
UPDATE 4
As per Joe Young's suggestion, I changed my visudo entry to:
nagios ALL=NOPASSWD: /usr/lib64/nagios/plugins/check_UBC.pl
Which hopefully is relatively harmless!
Try changing the owner of check_UBC.pl to root so that when nagios executes check_UBC.pl the script runs as setuid of it's owner root and not the nagios user.
chown root:root check_UBC.pl
EDIT:
Can you post your command definition that's calling check_UBC.pl?
The last thing I can think of to try is to install the perl-suid module: https://chrisjean.com/fix-setuid-cannot-exec-sperl/
Although, if check_UBC.pl runs from the command line with no problem, I'm not sure what difference it would make.
What would the risk be to change the permissions on /proc/user_beancounters to 444 (read for all?) It only contains a number, correct? Not sure if that particular file "sticks around" after a reboot, or worse, constantly gets replaced as the services are running, so this could be a problem still.
Also, consider trying to test for actual "existence" of the file, before you attempt to read from it. Since we're in /proc directory, things do change, from time to time....
Lastly, you are asking to open the file, but syntactically is it asking to open in a read only mode? You may want to try a system call to simply "cat" the file contents, in your shell script, and see if you get a response.
I want a user (tcff) to run two python scripts at 2am every morning.
I have correctly installed the following crontab for this user:
tcff#mymachine> crontab -l
0 2 * * * python /home/tcff/path/to/myscript1.py
0 2 * * * python /home/tcff/path/to/myscript2.py
The permissions for each script are:
-rwxr-xr-x 1 tcff tcff 5522 Sep 25 12:41 myscript1.py
-rwxr-xr-x 1 tcff tcff 5522 Sep 25 12:41 myscript2.py
When I call each script directly they work fine:
tcff#mymachine> python /home/tcff/path/to/myscript1.py
[Output as expected]
However they are not being run by cron at 2am each morning.
I can't work this out. I am sure I have the permissions correct etc?
Yes, indeed, the reason the scripts were not running is because I did not use the full path to the Python binary:
0 2 * * * /usr/bin/python /home/tcff/path/to/myscript2.py
This is needed because although the shell (bash) has /usr/bin on the PATH the process running cron does not.
First of all give full permission to script file.
chmod 777 script_name
Also trace the logs of crontab and see what is happening with cronjob here you can see all logs of crontab. May be there is any exception or error.
root#localhost:[~]: tail -f /var/log/cron
This question already has answers here:
CronJob not running
(19 answers)
Closed last month.
I'm having problem with crontab when I'm running a script.
My sudo crontab -e looks like this:
05 00 * * * /opt/mcserver/backup.sh
10 00 * * * /opt/mcserver/suspend.sh
05 08 * * * /sbin/shutdown -r +1
11 11 * * * /opt/mcserver/start.sh <--- This isn't working
And the start.sh looks like this:
#!/bin/sh
screen java -d64 -Xincgc -Xmx2048M -jar craftbukkit.jar nogui
and have these permissions (ls -l output)
-rwxr-xr-x 1 eve eve 72 Nov 24 14:17 start.sh
I can run the command from the terminal, either using sudo or not
./start.sh
But it wont start with crontab.
If i do
grep -iR "start.sh" /var/log
I get the following output
/var/log/syslog:Nov 27 11:11:01 eve-desk CRON[5204]: (root) CMD (eve /opt/mcserver/start.sh)
grep: /var/log/btmp: Permission denied
grep: /var/log/lightdm/x-0-greeter.log: Permission denied
grep: /var/log/lightdm/lightdm.log: Permission denied
grep: /var/log/lightdm/x-0.log: Permission denied
So my question is, why isn't it working?
And since my script run without using sudo, I don't necessarily need to put it in sudo crontab?
( and I'm using Ubuntu 12.10 )
Thanks in advance,
Philip
Answer to twalberg's response
1. Changed owner on craftbukkit to root, to see if that fixed the problem.
-rw-r--r-- 1 root root 12084211 Nov 21 02:14 craftbukkit.jar
and also added an explicit cd in my start.sh script as such:
#!/bin/sh
cd /opt/mcserver/
screen java -d64 -Xincgc -Xmx2048M -jar craftbukkit.jar nogui
2. I'm not quite sure what you mean here. Should I use the following path in my start.sh file when i start java?
(output from which java)
/usr/bin/java
3. When my server closes, screen is terminated. Is it a good idea to start screen in "detached mode" anyway?
Still got the same "Permission denied" error.
Problem solved!
By using the proper flag on screen, as below, it is now working as it should!
screen -d -m java -d64 -Xincgc -Xmx2048M -jar craftbukkit.jar nogui
Thanks a lot to those who answered, and especially twalberg!
Here are some things to check:
root obviously has read/execute permissions on start.sh, but what are the permissions on craftbukkit.jar - can root read it? You may also want to add an explicit cd /path/to/where/craftbukkit.jar/is in your start.sh script.
Is java in root's default path within cron? Note that this path is not necessarily the same as the one that you get via sudo, su or directly logging in as root - it's typically much more restricted. Use full path names to both java and craftbukkit.jar to work around that.
Since screen will not start with a terminal available, you may need screen -d -m ... instead. Hopefully, you intend to eventually attach to each screen instance and terminate it later, or you have arranged for it to terminate automatically when the script is done...
The /var/log/syslog entry shows that cron did in fact execute the script, so it must have failed for one of the above reasons (or something else I haven't noticed yet)
The other errors from grep are simply due to the fact your non-root user does not have permission to read those specific files (this is normal, and a good thing).
start.sh is owned by "eve:eve" and your crontab is running as root.
You can solve this by running following command
chown root:root /opt/craftbukkit/start.sh
Your crontab will be running as root though.
Tip: When running bash in crontab always use absolute paths (it will make debugging a lot easier).
The log shows the user has no access to dir " /var/log/", You should set the log files' permition for the cron's owner.