[Cialug] cron gpg

Claus cniesen at gmx.net
Mon Aug 28 14:31:08 CDT 2006 

Cron should run all commands with root privileges.  I'm not sure what 
environment variable are set by default.

Although I use a different OS it should work the same.  I created a 
script file and call it from cron (all in one line):
   0 4 * * 3 /usr/bin/su root -c
   "/root/cronscripts/user-data-backup" > /dev/null 2>&1#

In the script file I exclusively declare the shell and path:
   #!/bin/sh

   #PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
   #export PATH

   tar -cf - /home/claus | gpg --batch -e -r Claus -o
   /backup/claus-`date +%Y-%m-%d`.tar.pgp

The although I haven't explicitly set it, the home path of root seems to 
be correct since the public pgp keys reside in the ~/.gnugp/pubring.gpg 
of root.

Instead of waiting till tonight I would change the cron date/time to 
test it earlier.

Good luck,
   Claus

On 8/28/2006 10:48 AM, Barry Von Ahsen wrote:
> I have a process that gpgs and ftps a file.  When I run it from the 
> command line (as root), everything works fine.  When cron tries to run 
> it (as root), it claims it can't find the gpg key it needs.  Is there 
> anything special I need to do?  Is cron really running as root, or as 
> some root-equivalent user?  This is on RHEL 4.3
> 
> I just noticed SHLVL is different, but I re-ran from SHLVL=2 on the 
> command line and it worked fine
> 
> Here is cron's env:
> SHELL=/bin/bash MAILTO=root OLDPWD=/ USER=root 
> PATH=/sbin:/bin:/usr/sbin:/usr/bin PWD=/home/dir/lmsfile HOME=/ SHLVL=2 
> LOGNAME=root _=/bin/env
> 
> Here is root's env (from the same dir):
> HOSTNAME=www.server.com
> SHELL=/bin/bash
> TERM=screen
> HISTSIZE=1000
> USER=root
> LS_COLORS=*snip*
> MAIL=/var/spool/mail/root
> PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin 
> 
> INPUTRC=/etc/inputrc
> PWD=/home/dir/lmsfile
> LANG=en_US.UTF-8
> SHLVL=1
> HOME=/root
> LOGNAME=root
> LESSOPEN=|/usr/bin/lesspipe.sh %s
> G_BROKEN_FILENAMES=1
> _=/bin/env
> OLDPWD=/root
> 
> and the gpg error:
> gpg: entsys: skipped: public key not found
> gpg: /home/dir/lmsfile/file.clr: encryption failed: public key not found
> 
> and the relevant script line:
> /usr/bin/gpg -v -r entsys --yes --always-trust --output ${GPGFILE} 
> --encrypt ${CLEARFILE} >> gpg_putfiles.log 2>&1
> 
> and the crontab line:
> 30 20 * * * root sh /etc/cron.d/runlms > /dev/null 2>&1
> 
> this all worked fine on mandrake, then went to crap on rhel until I 
> figured out I couldn't directly execute the script, I had to run it 
> through sh
> 
> -barry
> 
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
> 
>

More information about the Cialug mailing list