[SOLVED] Having trouble running cron job script only works on terminal as root

PROBLEMCHYLD · 09-15-2020, 09:36 AM

I have a couple scripts that needs to run but doesn't work when added to cron job. I can run it manually as root but other than that its a no-go. The script that resides in root is suppose to launch from the cron job as soon as chromium is open.

Code:

#!/bin/bash

START="/root/blahblah.sh"
PGREP="/usr/bin/pgrep"
CHROME="/usr/bin/chromium"

$PGREP ${CHROME}

if [ $? -ne 0 ]
then

 $START
fi

upnort · 09-15-2020, 09:57 AM

Quote:

START="/root/blahblah.sh"

To run as non-root move the script out of /root to some place like /usr/local/bin.

michaelk · 09-15-2020, 10:13 AM

cron always runs at a particular time except for on boot which is independent of when a program starts. Does the script need to run as root?

PROBLEMCHYLD · 09-15-2020, 10:30 AM

The script is running regardless whether Chromium is open or not. I have moved the scripts to a temp location for testing.
I only want the scripts to run if Chromium is open if not I want the script to stay dormant in the cron job. I'm no scripter.

PROBLEMCHYLD · 09-15-2020, 10:40 AM

Quote:

Originally Posted by michaelk

cron always runs at a particular time except for on boot which is independent of when a program starts. Does the script need to run as root?

yes it needs root.

slac-in-the-box · 09-15-2020, 10:42 AM

Like michaelk was saying, cron jobs provide chronological based hooks, so might not be the best choice...

If you want to use cron jobs as a regular user, your user needs to be in the same group that owns the crond binary. You could create a group, cronusers, and then "chown root:cronusers usr/sbin/crond", after that any user in the cronusers group could make their own cron tables.

As root, the easiest way to run time-based cron jobs, is just to put the scripts in the appropriate folder in etc., i.e., cron.hourly, cron.daily, cron.weekly, etc. You can manually edit a crontab file (crontab -e) and add an @reboot, to create jobs for reboot.

IMHO, the only way to use cron job when you open chromium, is to predict when you plan on opening it: therefore, cron job is probably not what you want.

You could just rename your script "chromium-launcher" or the like, and put it in /usr/bin (or somewhere else that is in your $PATH, where executable binaries are expected--though they don't have to be binaries, and can be shell scripts too). Then to start chromium, you would just type chromium-launcher at your cli. If you want a graphical icon to click or tap on, you can use chromium's icon to execute your script--however, how to do that, is dependent on which window-manager you use (i.e., kde, xfce, stumpwm, etc.)...

PROBLEMCHYLD · 09-15-2020, 10:52 AM

tor proxy + torify script

Code:

#!/bin/bash

[ $( id -u) != "0" ] && echo "This script needs root privileges!" && exit

printf "AutomapHostsOnResolve 1\nAvoidDiskWrites 1\nDataDirectory /var/lib/tor\nDisableAllSwap 1\nDNSPort 127.0.0.1:5353\nExcludeExitNodes {au}, {ca}, {fr}, {gb}, {nz}, {us}\nFascistFirewall 1\nGeoIPExcludeUnknown 1\nHashedControlPassword 16:C18BE92953A2240C609FD7B56C2069C639108CF4275C737D84EB519B84\nLongLivedPorts 9050\nNodeFamily {au}, {ca}, {fr}, {gb}, {nz}, {us}\nPathsNeededToBuildCircuits 0.95\nSandbox 1\nSocksPolicy accept 127.0.0.1/32\nSocksPort 127.0.0.1:9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestAddr IsolateDestPort\nStrictNodes 1\nTransPort 127.0.0.1:9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort\nVirtualAddrNetwork 10.192.0.0/10" > torify

echo "Starting TOR..."

sh /etc/rc.d/rc.unbound stop

killall tor > /dev/null 2>&1
killall unbound > /dev/null 2>&1

tor -f /etc/tor/torify > torify.log &

echo "Wait for TOR bootstrap..."

grep -q 'Done' <(tail -f torify.log)

echo "Bootstrap ok!"

# Backup iptables rules
echo "Backup IPTABLES rules..."
iptables-save > backup

echo "Setting firewall rules..."
NON_TOR="192.168.0.0/24"

iptables -F
iptables -X
iptables -t nat -F
iptables -t mangle -F
iptables -t raw -F
iptables --delete-chain
iptables --table nat --delete-chain

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -t nat -A OUTPUT -d 10.192.0.0/10 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -m owner --uid-owner tor -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
# iptables -t nat -A OUTPUT -d 192.168.0.0/24 -j RETURN
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner unbound -m tcp -j REDIRECT --to-ports 9040
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner unbound -m tcp --dport 9040 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -o lo -j ACCEPT
iptables -A OUTPUT -o wlan0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A OUTPUT -m owner --uid-owner 0 -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
 iptables -t nat -A OUTPUT -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
 iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
iptables -A OUTPUT -j REJECT

echo "Done!"
echo "Press any key to stop transparent proxy..."
read -n 1
killall tor

echo "Clear tor rules and restore previous configuration..."
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -F
iptables -X
iptables -t nat -F
iptables -t mangle -F
iptables -t raw -F
iptables --delete-chain
iptables --table nat --delete-chain

#restore previous rules
iptables-restore < backup;

#Cleaning up
rm -rf backup
rm -rf torify
rm -rf torify.log

sh /etc/rc.d/rc.unbound start

script to run tor proxy + torify script only if Chromium is running

Code:

#!/bin/bash

START="/home/problemchyld/Desktop/torify.sh"
PGREP="/usr/bin/pgrep"
CHROME="/usr/bin/chromium"

$PGREP ${CHROME}

if [ $? -ne 0 ]
then

 $START
fi

I can't or don't know how to run the proxy script without root but like a cron job to do it.

michaelk · 09-15-2020, 11:13 AM

I suggest using sudo to run your script from your regular user. Another script could start chromium and run your proxy script.

PROBLEMCHYLD · 09-15-2020, 11:52 AM

So it's not possible to automate this task? I really don't want to have to su every time to launch the chromium script.

Turbocapitalist · 09-15-2020, 11:56 AM

su is very different than sudo. The latter can be used in scripts and elevate only a specific program using specific parameters. It would be very useful in the task you describe.

For an in-depth explanation of the capabilities, see Michael W Lucas' book sudo Mastery, 2nd edition or one of his lectures.

For a brief overview, see my rant on the topic.

michaelk · 09-15-2020, 12:04 PM

sudo not su. Give permission for your regular to run your script as root.

As is there is no loop in your cron script so there is nothing to keep it running. You could add a loop with a sleep statement which basically runs continuously.

bassmadrigal · 09-15-2020, 12:58 PM

cron won't do what you're looking for unless you want to have it poll every minute or few and then run it, but you'll have some time after you started Chromium where the script wouldn't run until it reached its next scheduled job.

A better option would be to edit the script used to launch chromium (at least, I assume there's a script, since there is one for Chrome, /usr/bin/google-chrome-stable -- if there isn't one, then I'd create a script to run your commands and then run Chromium) to run your script before running the commands to start Chromium.

LuckyCyborg · 09-15-2020, 01:01 PM

Chromium refuses to run as root, BTW...

bassmadrigal · 09-15-2020, 01:39 PM

Quote:

Originally Posted by LuckyCyborg

Chromium refuses to run as root, BTW...

If he uses the script method I suggested, he could simply add a sudo (if the user is set up for it otherwise kdesu) in front of the line running the the tor script, and then the rest of the chromium script would continue to run as the normal user.

PROBLEMCHYLD · 09-15-2020, 01:43 PM

Where am I suppose to run sudo at and added to which part of the scripts?