Error : crontab: must be suid to work properly
I want to set cronjob in docker container with non-root user. Is it possible to set a cron without using sudo and without installing cron?
I am using alpine docker container.
Yes you can run its own, cron in specific user without sudo, As each user will be having the crontab file no need to install it explicitly.
to run crontab of any user, use -u option , please note that user must be privileged to use -u
$ crontab -u <username> -e
/etc/crontab is the system wide crontab.
The format of /etc/crontab is like this:
# m h dom mon dow user command
* * * * * someuser echo 'foo'
while crontab -e is per user, it's worth mentioning with no -u argument the crontab command goes to the current users crontab. You can do crontab -e -u <username> to edit a specific users crontab.
Notice in a per user crontab there is no 'user' field.
# m h dom mon dow command
* * * * * echo 'foo'
An aspect of crontabs that may be confusing is that root also has its own crontab. e.g. crontab -e -u root will not edit /etc/crontab
See Configuring cron for more information: https://www.freebsd.org/doc/handbook/configtuning-cron.html
In most Linux distros, per user crontabs are typically stored in: /var/spool/cron/crontabs/<username>
I solve it adding the name of the user we need to execute cron jobs in the file /etc/cron.allow. If this files does not exists you have to create it. More details about cron.allow file
Related
To make things clear first: I'm using a virtual machine which is offline - security is therefor no showstopper for my need.
I have a simple bash script which performs which uses wmctrl to gracefully closes a process. KILL is not an option:
* * * * * sudo wmctrl -xc notepadqq-bin.Notepadqq
* * * * * /bin/echo "works" >> /home/usr/cron.log
I tried sudo crontab -e as well as crontab -e, the cron.log is written every minute, however the wmctrl command is not working.
I even tried to echo "password" | sudo -S rm somefile but this doesnt work for me either.
TIA!
First I'm going to make some assumptions (please correct me if these are wrong and I'll try to adapt the answer for you)
Assumptions:
you want to use cron and not any old job manager (I think this is safe from your question)
you are already familiar with cron and would like the cronjobs to actually run as often as possible (this seems odd to me but may not be central to the question at hand) ( Edit:
I also agree with that other guy's recommendation to look at https://stackoverflow.com/tags/cron/info as it provides more in depth discussion on the use of cron )
you want to use sudo for root privileges and not have the cron daemon run as root (which is normal on most systems)
you are not satisfied with chown 0:0 $(which wmctrl) the effect of chmod 4755 $(which wmctrl) or more restrictive chmod 4755 $(which wmctrl)
the results of a cron tab line "* * * * * sudo wmctrl -d >> /home/usr/cron.log" shows this "notepadqq-bin.Notepadqq" is still active from cron's perspective (IF THIS IS NOT THE CASE check the environment variables for wmctrl are preserved from cron't perspective. and let me know this assumption was wrong)
your comment "even tried to echo "password" | sudo -S rm somefile but this doesn't work for me either." implies you have a password for using sudo
You mean your comment "security is therefor no showstopper for my need"
Ensure Sudoers allows the script call
Given those assumptions, I'd recommend first looking into how sudo is setup:
Try this:
(DO NOT EDIT THIS FILE WITHOUT THE visudo command you can corrupt your system)
export EDITOR=vi ; sudo visudo -f /etc/sudoers
you will want a line similar to this:
%sudo ALL=(ALL) NOPASSWD: ALL
OR
cron ALL=(ALL) NOPASSWD: ALL
given that you can be sure the issue is not a password prompt issue with sudo and that the command (infact ALL commands run via sudo) are run as root by default (when not using -u to set to another user)
Hope this helps
I have got a RasPi and I actually try to execute a shellscript to automount a folder at every Reboot.
Script Command is:
sudo mount -t cifs 'folderpath' 'pointtomount' -o username=xxx,password=xxx,sec=ntlm
It works perfect if I use it manually but via cronjob it responses "Mount Error(13): Permission denied" and the mount can't be executed.
Means cronjob executes the file at least.
My idea was to mount it manually and check if automount is disabled in /etc/fstab or /etc/mtab. As it's just a folder I only found it in mtab.
I can't write in it but nowhere's "noauto" in the options so probabbly everything is correct.
Not certain if it has sth. in common with crontab execute rights but ls -lha /usr/bin/crontab output is -rwxr-sr-x 1.
If anyone of you got any clues how to solve this problem, i'd appreciate help.
Thanks
EDIT1:
Okay after hours and hours it seems to be working in /home/pi/.config/lxsession/LXDE-pi/autostart.sh (type "sudo nano /home/pi/.config/lxsession/LXDE-pi/autostart.sh"). In that file I wrote "#/home/pi/scripttoexecute.sh". In my executescript I wrote "sudo mount -t cifs 'foldertomount' 'directorypath' -o credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777,sec=ntlm". Obviously to use the smbcredentials file, write "sudo nano /root/.smbcredentials" and in there "username=xxx" and next line "password=xxx" and optional domain.
Thanks to all and I hope that this might save someone elses time.
Not sure if it has sth in common with apt-get upgrade and apt-get update before.
Couple things here, first off every user can have their own crontab. For example:
crontab -e # Edit crontab of current user
crontab -u root -e # Edit crontab of root user (might need sudo for this)
crontab -u www-data -e # Edit crontab of www-data user
Another thing is that if you don't use crontab -e to edit the file, and actually edit the /etc/crontab file directly (do something like vim /etc/crontab), you can actually specify the user you'd like to run the cron as:
* * * * * root mount -t cifs /path/to/folder /point/to/mount -o username=xxx,password=xxx,sec=ntlm
To run via root's crontab at reboot, type:
sudo crontab -e
And add this line:
#reboot mount -t cifs 'folderpath' 'pointtomount' -o username=xxx,password=xxx,sec=ntlm
But really, shouldn't you be adding your auto-mounts to /etc/fstab?
How can I change the ownership logs of cron tasks when they are creating by crontab?
At the moment all the files that are created is owned by root I need this to changed to for example steve.
Any help please
Each user have it own crontab.
In order to change the ownership of steve crontab logs you have to
sudo su steve
crontab /path_to_cron_file
crontab -e
Here is steve crontab and from now on any log is created it will be owned by steve.
Now you have to sudo su root and change the crontab to an other cron file or set the default
sudo su root
crontab /etc/crontab
I have crontab :
35 16 * * * mysqldump -h mysql2.alwaysdata.com -u user -ppass --all-databases > ../copias/fichero_`date +%d-%m-%Y-%H:%M:%S`.sql
but the command working correctly without crontab.
the folder chmod 777 -R.
Thanks.
You should use an absolute path instead of ../copias/fichero....
You don't know what the current directory will be when the command is run by cron.
In the /etc/crontab file you must specify the username as well before the command to run.
I have set the cron tab for my site. But I have got message in my mailing id like this "Permission denied" for the script. Can anyone help me telling what may be the problem.
Thanks......
You get this error while setting the crontab? or from a script running from the cron?
If while setting the crontab, try this:
You type: crontab -e
You get: -bash: /usr/bin/crontab: Permission denied
Problem: Your user is not in the cron group.
Solution: As root, edit the /etc/group file, find the cron group and add
your user to that line (the usernames are comma-separated).
Then re-login as your user.
Verify: Run command "groups". You should see "cron" in there.
(from http://www.parseerror.com/argh/crontab-e-Permission-denied.txt)
friends if any one wants schedule crons from other user
just do this
root user:-
ls /usr/bin/crontab
chmod 4755 /usr/bin/crontab
echo PATH
vi /etc/crontab
SHELL=/bin/bash
PATH=/usr/java/jdk1.5.0_22/bin:/root/bin:/usr/java/jdk1.5.0_22/bin:/usr/lib/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
MAILTO=root
HOME=/
cd /etc/cron.d
create cron.allow file if not exist
vi cron.allow
root
other username
save and exist
su – username
/usr/bin/crontab -e
schedule here ……………….
I ran into this issue today and was baffled until I realized that the denied commands were SSH commands. I had forgotten that I was connecting with an SSH key that required a passphrase, so the real issue had nothing to do with cron in my case.
My solution was to create an additional key for this script with no passphrase (using ssh-keygen), install it on the remote server, and specify it in the script with the -i flag to the ssh commands.
ssh -i /path/to/id_rsa.no-passphrase user#remote command-to-run