Crontab and GPG?

Bob Hall rjhjr at cox.net
Wed Oct 26 21:55:18 PDT 2005


On Wed, Oct 26, 2005 at 08:06:28PM -0400, Kris Kennaway wrote:
> On Wed, Oct 26, 2005 at 07:51:03PM -0400, Bob Hall wrote:
> > On Wed, Oct 26, 2005 at 12:31:44PM -0400, Kris Kennaway wrote:
> > > On Wed, Oct 26, 2005 at 11:23:29AM -0400, Bob Hall wrote:
> > > > On Wed, Oct 26, 2005 at 03:52:53AM -0400, Kris Kennaway wrote:
> > > > > On Tue, Oct 25, 2005 at 07:10:57PM -0400, Bob Hall wrote:
> > > > > > On Tue, Oct 25, 2005 at 03:00:18PM -0400, Kris Kennaway wrote:
> > > > > > > On Tue, Oct 25, 2005 at 02:45:02PM -0400, Bob Hall wrote:
> > > > > > > > On Tue, Oct 25, 2005 at 01:13:52PM -0500, Robert Wall wrote:
> > > > > > > > > Hello!  I'm attempting to run GPG from cron, and it's not working.  I can run the script from the command line, and all works perfectly.  When I try to run it from cron, however, it doesn't work.  The crontab calls this script, called "pgpdecrypt" with the following crontab line:
> > > > > > > > > 
> > > > > > > > > */1    *       *       *       *       root    /bin/bash /etc/pgpdecrypt
> > > > > > > > > 
> > > > > > > > > The /bin/bash wasn't originally there; I added it to make sure that the script was using the correct shell.  Still no luck.  Here's the script that it calls:
> > > > > > > > > 
> > > > > > > > > echo >> /etc/pgpdecrypt.logger "PGP Decrypter Starting"
> > > > > > > > 
> > > > > > > > Take the "/bin/bash" out of your crontab. Put
> > > > > > > > 	#!/bin/bash
> > > > > > > > at the beginning of your script.
> > > > > > > 
> > > > > > > What do you think that will do to help?  It's a NOP, so it can't fix
> > > > > > > the problem (which is because of bad assumptions about PATH, per my
> > > > > > > other message).
> > > > > > 
> > > > > > Well, I don't know whether "#!" is a NOP or not. It does tell the script
> > > > > > which executable to use in executing the script.
> > > > > 
> > > > > Yeah, which he was already doing explicitly (see above) ;-)
> > > > 
> > > > Which is irrelevant. The fact is that if you put the path at the
> > > > beginning of the script, the script will run the same under cron as it
> > > > does under the shell you tested it with. If the OP had put "#!/bin/bash"
> > > > at the beginning of the script when he tested it, he would have been
> > > > able to debug it without being confused by the fact that it ran under
> > > > his shell and not under cron.
> > > 
> > > No, this was because his environment was not as he expected it to be
> > > when run from cron, as I've explained to you twice.  Just making the
> > > NOP change of adding #!/bin/bash when the script is already being run
> > > by /bin/bash will not affect the environment.
> > 
> > I doubt very much that putting the wrong path into the environmental
> > variables is going to help anything.
> 
> PATH does not include /usr/local when run from cron, and his script
> assumes that it does (it calls gpg not /usr/local/bin/gpg).

Then he can include it in his script. That's superior to creating a
potential security problem by giving cron more information than it
needs, particularly when cron is running as root. It's the script that
needs to know the location of gpg, not cron.


More information about the freebsd-questions mailing list