[Cialug] cron gpg

Mon Aug 28 16:32:58 CDT 2006

Instead of setting up paths, you could also use the '--keyring'
argument to gnupg.  You can also specify the home directory to gnupg
with the '--homedir' argument.

On 8/28/06, Claus <cniesen at gmx.net> wrote:
> Cron should run all commands with root privileges.  I'm not sure what
> environment variable are set by default.
>
> Although I use a different OS it should work the same.  I created a
> script file and call it from cron (all in one line):
>    0 4 * * 3 /usr/bin/su root -c
>    "/root/cronscripts/user-data-backup" > /dev/null 2>&1#
>
> In the script file I exclusively declare the shell and path:
>    #!/bin/sh
>
>    #PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
>    #export PATH
>
>    tar -cf - /home/claus | gpg --batch -e -r Claus -o
>    /backup/claus-`date +%Y-%m-%d`.tar.pgp
>
> The although I haven't explicitly set it, the home path of root seems to
> be correct since the public pgp keys reside in the ~/.gnugp/pubring.gpg
> of root.
>
> Instead of waiting till tonight I would change the cron date/time to
> test it earlier.
>
> Good luck,
>    Claus
>
> On 8/28/2006 10:48 AM, Barry Von Ahsen wrote:
> > I have a process that gpgs and ftps a file.  When I run it from the
> > command line (as root), everything works fine.  When cron tries to run
> > it (as root), it claims it can't find the gpg key it needs.  Is there
> > anything special I need to do?  Is cron really running as root, or as
> > some root-equivalent user?  This is on RHEL 4.3
> >
> > I just noticed SHLVL is different, but I re-ran from SHLVL=2 on the
> > command line and it worked fine
> >
> > Here is cron's env:
> > SHELL=/bin/bash MAILTO=root OLDPWD=/ USER=root
> > PATH=/sbin:/bin:/usr/sbin:/usr/bin PWD=/home/dir/lmsfile HOME=/ SHLVL=2
> > LOGNAME=root _=/bin/env
> >
> > Here is root's env (from the same dir):
> > HOSTNAME=www.server.com
> > SHELL=/bin/bash
> > TERM=screen
> > HISTSIZE=1000
> > USER=root
> > LS_COLORS=*snip*
> > MAIL=/var/spool/mail/root
> > PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
> >
> > INPUTRC=/etc/inputrc
> > PWD=/home/dir/lmsfile
> > LANG=en_US.UTF-8
> > SHLVL=1
> > HOME=/root
> > LOGNAME=root
> > LESSOPEN=|/usr/bin/lesspipe.sh %s
> > G_BROKEN_FILENAMES=1
> > _=/bin/env
> > OLDPWD=/root
> >
> > and the gpg error:
> > gpg: entsys: skipped: public key not found
> > gpg: /home/dir/lmsfile/file.clr: encryption failed: public key not found
> >
> > and the relevant script line:
> > /usr/bin/gpg -v -r entsys --yes --always-trust --output ${GPGFILE}
> > --encrypt ${CLEARFILE} >> gpg_putfiles.log 2>&1
> >
> > and the crontab line:
> > 30 20 * * * root sh /etc/cron.d/runlms > /dev/null 2>&1
> >
> > this all worked fine on mandrake, then went to crap on rhel until I
> > figured out I couldn't directly execute the script, I had to run it
> > through sh
> >
> > -barry
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> >
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>

-- 
Tired programmer
Coding late into the night
The core dump follows

My GNUPG public key is available at http://www.kristau.net/public_key.asc