|
crontab understanding
Does a standard user have the permissions from a default install to create a crontab entry and run his own scheduled task or does the admin have to do this? Secondly, if I am a standard user what are the permission that i should give my newly created crontab file (ex 755)?
third. In my crontab file which is called cronget is this the correct format and is it in the correct location. This is my file permissions 755. I have the GET script and CRONGET(crontab file) in the same directory. 05 * * * 0-6 /home/dabeast/f-prot/get >> /home/dabeast/f-prot/cronerror This is my get script: PHP Code:
PHP Code:
|
Standard users can create cron entries but only to run the cron jobs as themselves. That is if you have a user account called say "billybob" then the cron file created will be for user billybob and will not run with root permissions but as the user billybob.
The permissions are 600 for crontab files in /var/spool/cron. It is the name of the file that determines which user it runs as. You should not modify the files in /var/spool/cron directly but use "crontab -e" logged in as the specific user or "crontab -u <user> -e" if you're the root user and want to make one for another user. Your script needs to be modified to run in cron. When you run it from a standard login it inherits the user's environment (/etc/profile, .profile, .bashrc etc...). However cron is not actually logging in as the user so it has a minimal environment. You therefore need to either source the environment or insure the variables you need are in the script itself. For most scripts you need very little so the latter option is usually best. For example your script uses the "ftp" command. Unfortunately you didn't inherit the PATH ($PATH) variable so it doesn't know where to find this command. So on my FC4 box I find out where ftp is by typing "which ftp" which returns "/usr/kerberos/bin/ftp". Therefore I could set PATH variable in the script: PATH=/usr/kerberos/bin;export PATH --OR-- I could just change the line that has the ftp command in it to say: /usr/kerberos/bin/ftp -n ftp.f-prot.com <<SCRIPT For a short script like this one I'd do the latter. You don't need the paths for the cd and get etc... because they are built ins of the ftp command itself. An alternate way to do it is also just make the commands you do variables themselves and this is what I often do just to insure I've left nothing out especially in long scripts: FTP=/usr/kerberos/bin/ftp $FTP -n ftp.f-prot.com <<SCRIPT |
does my cron file have the correct format? It still does not work.
|
Code:
05 * * * 0-6 /home/dabeast/f-prot/get >> /home/dabeast/f-prot/cronerrorWhat happens if you type the command as it appears in cron at the command line (without the cron formatting)?: /home/dabeast/f-prot/get >> /home/dabeast/f-prot/cronerror From the fact you're seeing entries in cronerror it would appear it is actually running the job. The "not connected" would appear to be a response from the ftp command itself. The log for cron itself is in /var/log/cron. You can check that to see if it got to the command each time. Also you might want to add /bin/date to the script before it does the ftp command. That way you'll see the date in the log file. Also you should add "2>&1" after cronerror in the cron entry to insure you're getting both stdout and stderr in cronerror. |
I have have a news update. I ran the command from my get script and was able to ftp to the site and login as anonymous but when I attempt to download anything under that account I get permission denied but when I log in as root I have no problem. I dont understand. I have the permission to use the ftp command and I am downloading to my own home directory so why wouldnt I have permission to download files in my own directory?
|
I added /usr/bin/ftp to my account to the /etc/sudoers file and it worked but do I need to add the /usr/sbin/crontab to /etc/sudoers as well to get it to work?
|
Quote:
You're mixing things here. "anonymous" is a guest user some ftp sites allow. Just like any other user it has permissions and restrictions. Typically it is restricted only to public things (e.g. free downloads of some rpm). Since it is "anonymous" it is usually not allowed to go very far. So when you say you login as root it's not clear if you mean you logged in as root on the ftp server or you were root when you started the get script. You have two accounts involved: The one you are running as on the local host when you start the get script and the one that you're giving the $USER and $PASSWD for on the ftp server IN the get script. So you could get a "permission denied" error trying to run the get script as a user other than root if the script itself is owned by root (which would explain why adding to sudoers got you further). Or you could be getting "permission denied" when you try to "get" a file after logging into the ftp server because the account you used there doesn't have permission to file you're trying to get. Your progress with sudoer suggests to me it is the former case. In answer to your question about sudoers. You shouldn't add crontab to sudoers. If the script requires to be run as root on the local host you should put the cron job in the root crontab rather than a user's crontab. sudo is used to make another user equivalent to root. For an automated job there is no reason to do that (and also no way to input the required password anyway). You just run it from root's crontab so it runs as root. If you need the file to be owned by a specific user AFTER the ftp is done you should just add a chown command to the script. Code:
#! /bin/sh |
I am confused. the script "get" which is in my /home/dabeast/f-prot/ directory ran but placed the download file under /root/. I am thinking that what happened was that I attempted to run the cron job as root but why would it have placed my downloaded files under /root instead of the /home/dabeast/f-prot/ directory where the "get" file is? I guess what I am trying to ask is why is it downloading my anti-virus def to another directory other than /home/dabeast/f-prot? The "get" script does not specify a directory to download in so one would assume that the directory that the script is in would be the chosen destination. By the way jlightner many thanks for your help.
|
/etc/passwd specifies the home directory for a user. Root's is typically /root (or /). Giving the full path for the script tells it where to find the script but the process running is still in the current (home) directory from which you kicked it off.
You can just add a cd statement to your script before it does the ftp: Code:
#! /bin/shFYI: The "cd" you're doing before the ftp is coming from the shell but the one in the ftp is coming from the ftpd on the other side of the connection. |
I made a change to my crontab entry:
PHP Code:
|
The above doesn't say "30 minute intervals". It says "30 minutes after the hour for every hour of the day every day of the week".
e.g. 00:30 01:30, 02:30, 03:30, 04:30 etc... If you want to run it every 30 minutes: Code:
00,30 * * * * /home/dabeast/f-prot/gete.g. 00:00, 00:30, 01:00, 01:30, 2:00 etc... Some Linux version have issues with cron. Stopping and starting the cron daemon may help. "service crond restart". |
I must give credit where it is due. Jlightner you are the man and thanks for your help. I think what I did was just basically over complicate what I was trying to due. Here is what I did to resolve my issue for future readers.
1 - created my "get" script to pull down my virus updates and placed them into a public location. 2 - I added myself to the sudoer to be able to ftp download (/usr/bin) 3 - added a crontab entry using: PHP Code:
PHP Code:
|
| All times are GMT -5. The time now is 07:30 AM. |