Variable in script not working in cron

Aslan_Eident · 12-26-2008, 09:27 AM

Let me start off by saying that I know just enough to be dangerous. Thanks ahead of time for your kind patience in reading my problem.

I am writing a script to batch decrypt .pgp files of which are uploaded to our Redhat server. I wrote the following script which runs perfectly if I execute it from the command line. When it is executed from a cron job, the $FILE variable doesn't carry through the script.

Here is the script.

Code:

#!/bin/sh

PGPPATH=/path/to/pgp/files     
echo "pgp directory $PGPPATH"
for FILE in ${PGPPATH}/*.pgp;
        do      
                gpg -o ${FILE%.pgp}.xml --passphrase myPassPhrase -d $FILE
                echo "decrypting $FILE"
                echo "moving $FILE to ${PGPPATH}/pgp_archive"
                mv $FILE ${PGPPATH}/pgp_archive
                echo "moved $FILE to ${PGPPATH}/pgp_archive";
        done

If I run this from the command line it returns the following and the resulting decrypted xml file is generated correctly:

Code:

decrypting /path/to/pgp/files/IL_200812252201.pgp
moving /path/to/pgp/files/IL_200812252201.pgp to /path/to/pgp/filesfeed_archive
moved /path/to/pgp/files/IL_200812252201.pgp to /path/to/pgp/filesfeed_archive

The log of the root's cron job looks like the following:

Code:

decrypting /path/to/pgp/files/*.pgp
moving /path/to/pgp/files/*.pgp to /path/to/pgp/files/feed_archive
moved /path/to/pgp/files/*.pgp to /path/to/pgp/files/feed_archive

The PGPPATH variable works correctly, but the FILE variable is lost.

I've tried renaming the FILE variable to various other names without success. The script is owned by root and has these permissions, "-rwxr-xr-x".

Thank you ahead of time for your help.

blackhole54 · 12-26-2008, 11:18 AM

Hi

And welcome to LQ!

I think you have misdiagnosed the problem. Your variable ($FILE) is fine. The problem is the wildcard is not getting expanded.

In a Linux shell, when wild cards are used that are not in quotes, they are expanded by the shell. So, for example, when you say:

Code:

for FILE in ${PGPPATH}/*.pgp;

the shell will try to replace ${PGPPATH}/*.pgp with everything that matches that expression. For some reason in your cron job it is not able to, and so the loop executes once with $FILE set to the actual wildcard expression. That is what you see printed out in your log. (I hope that was clear. I had to try several times for it not to be even more confusing.

)

Just to illustrate with another example, look what happens when I try a directory listing using a wildcard expression that doesn't match anything.

Code:

$ ls junk.*
ls: junk.*: No such file or directory

I have no files in that directory that match junk.*. So the shell cannot do a substitution and the ls command tries to find a file with an asterisk in its name! Or if I put that into a loop like yours:

Code:

$ for FILE in junk.*; do
> echo $FILE
> done
junk.*

So the question is why can't the shell expand your wildcard expression in the cron job.

One possibliity is it couldn't read the directory. I have just verified that when this is the case the shell silently leaves the wildcard expression unexpanded rather than give you an error message.

You didn't give particulars of how you ran this as a cron job. (Cron jobs can run from /etc/crontab, from files in the directory /etc/cron.d, or from individual users' crontab's, controlled with the crontab command.) What I am wondering is if when you ran it as a cron job whether it was running as a user that couldn't read the $PGPPATH directory.

Aslan_Eident · 12-26-2008, 05:59 PM

Blackhole54,

Thank you for your response

. I did miss diagnose the problem.

I'm running the script in the crontab. I have edited the crontab with the "crontab -e" as the root user.

Code:

0       *       *       *       *       /root/pgpDecrypt.sh > /root/cronlog/pgpDecrypt.log

I figured since the cron job was in the root, then it could run the script without ownership problems. The .pgp files and the /path/to/pgp/files directory are owned by another user.

Any thoughts?

colucix · 12-26-2008, 06:22 PM

blackhole54 has already expressed the reason of this behaviour in an excellent way. Maybe you don't have any pgp file under PGPPATH when the cron job runs. To avoid confusion just use a different syntax to skip the shell's expansion problem:

Code:

#!/bin/sh
PGPPATH=/home/alex/pluto/keys
echo "pgp directory $PGPPATH"
for FILE in $(find ${PGPPATH} -name \*.pgp)
do
  gpg -o ${FILE%.pgp}.xml --passphrase myPassPhrase -d $FILE
  echo "decrypting $FILE"
  echo "moving $FILE to ${PGPPATH}/pgp_archive"
  mv $FILE ${PGPPATH}/pgp_archive
  echo "moved $FILE to ${PGPPATH}/pgp_archive";
done

In this way if one or more pgp files exist, the commands within the loop are executed, otherwise the loop is skipped. You can also trap this condition to log it as well.

Aslan_Eident · 12-26-2008, 07:29 PM

Thank you, colucix. Yes. Blackhole54 has been very helpful and helped me greatly. With his help I was able to figure out what was wrong. The script is now working correctly.

Thank you.

blackhole54 · 12-27-2008, 03:47 AM

Quote:

Originally Posted by Aslan_Eident

The script is now working correctly.

I am glad you got it working.

It would be nice if you would post what the problem was. That may help others who find this thread when they are trying to solve their own problems. We are all helping each other here.

@colucix,

Thanks for posting a solution to the issue of the shell (not) expanding a wildcard expression. For everybody's information, in addition to the benefit you noted, if there is a problem with permissions of the directory, you do get an error message. In scripts, I have also solved the problem by testing for the variable matching the wildcard expression. The tricky thing when doing that is you have to make sure you "escape" the "wildcard" correctly when you test.

Aslan_Eident · 01-02-2009, 05:04 PM

The environment variable for gpg is not recognized in cron. Once I called pgp using /usr/bin/gpg instead of just gpg it worked. Here is the final code that worked.

Code:

#!/bin/sh

PGPPATH=/path/to/pgp/files
echo "pgp directory $PGPPATH"
if [ -f ${PGPPATH}/*.pgp ];
then
for FILE in ${PGPPATH}/*.pgp;
         do
                /bin/echo passphrase | /usr/bin/gpg --no-tty --batch --passphrase-fd 0 --quiet --output ${FILE%.pgp}.xml --decrypt $FILE
                echo "decrypting $FILE"
                echo "moving $FILE to ${PGPPATH}/feed_archive"
                mv $FILE ${PGPPATH}/feed_archive
                echo "moved $FILE to ${PGPPATH}/feed_archive";
         done
else
         echo "pgp files do not exists"
fi