Run /etc/cron.daily from specific user
Do I properly understand that it is not possible to run /etc/cron.daily/my
from arbitrary user, it will be run only from root
according to /etc/crontab
?
Can I drop root privilege to specific user in my cron scrip instead?
It is better to place cron job into /etc/cron.d
? Like:
$ cat /etc/cron.d/my
5 0 * * * user test -x /usr/bin/my && /usr/bin/my -cfg /etc/my.cfg
cron anacron
add a comment |
Do I properly understand that it is not possible to run /etc/cron.daily/my
from arbitrary user, it will be run only from root
according to /etc/crontab
?
Can I drop root privilege to specific user in my cron scrip instead?
It is better to place cron job into /etc/cron.d
? Like:
$ cat /etc/cron.d/my
5 0 * * * user test -x /usr/bin/my && /usr/bin/my -cfg /etc/my.cfg
cron anacron
add a comment |
Do I properly understand that it is not possible to run /etc/cron.daily/my
from arbitrary user, it will be run only from root
according to /etc/crontab
?
Can I drop root privilege to specific user in my cron scrip instead?
It is better to place cron job into /etc/cron.d
? Like:
$ cat /etc/cron.d/my
5 0 * * * user test -x /usr/bin/my && /usr/bin/my -cfg /etc/my.cfg
cron anacron
Do I properly understand that it is not possible to run /etc/cron.daily/my
from arbitrary user, it will be run only from root
according to /etc/crontab
?
Can I drop root privilege to specific user in my cron scrip instead?
It is better to place cron job into /etc/cron.d
? Like:
$ cat /etc/cron.d/my
5 0 * * * user test -x /usr/bin/my && /usr/bin/my -cfg /etc/my.cfg
cron anacron
cron anacron
asked Dec 30 '18 at 8:12
gavenkoagavenkoa
637814
637814
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
You are right, the jobs in /etc/cron.daily
(and weekly/monthly, etc.) are always
executed as user root
but you can simply swith the user from within the script
and call that very script again as that other user, including all supplied
arguments (although there won't be any in a cron.daily
job):
File /etc/cron.daily/my
:
#!/bin/sh
# If started as root, then re-start as user "gavenkoa":
if [ "$(id -u)" -eq 0 ]; then
exec sudo -H -u gavenkoa $0 "$@"
echo "This is never reached.";
fi
echo "This runs as user $(id -un)";
# prints "gavenkoa"
exit 0;
When the script is started as user root
it will detect so and
re-execute itself via sudo -H -u gavenkoa
, that is: as
user gavenkoa
. This requires no special entries in /etc/sudoers
because root
is always allowed to switch to any user.
The exec
replaces the current process with the new sudo …
call
and never returns. That's why you don't need an else
clause.
As I understandsudo
isn't POSIX utils. Issu
available in all UNIXes?
– gavenkoa
Dec 30 '18 at 13:32
1
@gavenkoa We are talking about Ubuntu, aren't we? Theresudo
is always installed. But if you prefersu
instead, you can of course replace thesudo
call withsu
but be aware that it's more complicated to pass the arguments"$@"
tosu
, see Pass arguments to a command run by another user over on U&L.
– PerlDuck
Dec 30 '18 at 14:02
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105542%2frun-etc-cron-daily-from-specific-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You are right, the jobs in /etc/cron.daily
(and weekly/monthly, etc.) are always
executed as user root
but you can simply swith the user from within the script
and call that very script again as that other user, including all supplied
arguments (although there won't be any in a cron.daily
job):
File /etc/cron.daily/my
:
#!/bin/sh
# If started as root, then re-start as user "gavenkoa":
if [ "$(id -u)" -eq 0 ]; then
exec sudo -H -u gavenkoa $0 "$@"
echo "This is never reached.";
fi
echo "This runs as user $(id -un)";
# prints "gavenkoa"
exit 0;
When the script is started as user root
it will detect so and
re-execute itself via sudo -H -u gavenkoa
, that is: as
user gavenkoa
. This requires no special entries in /etc/sudoers
because root
is always allowed to switch to any user.
The exec
replaces the current process with the new sudo …
call
and never returns. That's why you don't need an else
clause.
As I understandsudo
isn't POSIX utils. Issu
available in all UNIXes?
– gavenkoa
Dec 30 '18 at 13:32
1
@gavenkoa We are talking about Ubuntu, aren't we? Theresudo
is always installed. But if you prefersu
instead, you can of course replace thesudo
call withsu
but be aware that it's more complicated to pass the arguments"$@"
tosu
, see Pass arguments to a command run by another user over on U&L.
– PerlDuck
Dec 30 '18 at 14:02
add a comment |
You are right, the jobs in /etc/cron.daily
(and weekly/monthly, etc.) are always
executed as user root
but you can simply swith the user from within the script
and call that very script again as that other user, including all supplied
arguments (although there won't be any in a cron.daily
job):
File /etc/cron.daily/my
:
#!/bin/sh
# If started as root, then re-start as user "gavenkoa":
if [ "$(id -u)" -eq 0 ]; then
exec sudo -H -u gavenkoa $0 "$@"
echo "This is never reached.";
fi
echo "This runs as user $(id -un)";
# prints "gavenkoa"
exit 0;
When the script is started as user root
it will detect so and
re-execute itself via sudo -H -u gavenkoa
, that is: as
user gavenkoa
. This requires no special entries in /etc/sudoers
because root
is always allowed to switch to any user.
The exec
replaces the current process with the new sudo …
call
and never returns. That's why you don't need an else
clause.
As I understandsudo
isn't POSIX utils. Issu
available in all UNIXes?
– gavenkoa
Dec 30 '18 at 13:32
1
@gavenkoa We are talking about Ubuntu, aren't we? Theresudo
is always installed. But if you prefersu
instead, you can of course replace thesudo
call withsu
but be aware that it's more complicated to pass the arguments"$@"
tosu
, see Pass arguments to a command run by another user over on U&L.
– PerlDuck
Dec 30 '18 at 14:02
add a comment |
You are right, the jobs in /etc/cron.daily
(and weekly/monthly, etc.) are always
executed as user root
but you can simply swith the user from within the script
and call that very script again as that other user, including all supplied
arguments (although there won't be any in a cron.daily
job):
File /etc/cron.daily/my
:
#!/bin/sh
# If started as root, then re-start as user "gavenkoa":
if [ "$(id -u)" -eq 0 ]; then
exec sudo -H -u gavenkoa $0 "$@"
echo "This is never reached.";
fi
echo "This runs as user $(id -un)";
# prints "gavenkoa"
exit 0;
When the script is started as user root
it will detect so and
re-execute itself via sudo -H -u gavenkoa
, that is: as
user gavenkoa
. This requires no special entries in /etc/sudoers
because root
is always allowed to switch to any user.
The exec
replaces the current process with the new sudo …
call
and never returns. That's why you don't need an else
clause.
You are right, the jobs in /etc/cron.daily
(and weekly/monthly, etc.) are always
executed as user root
but you can simply swith the user from within the script
and call that very script again as that other user, including all supplied
arguments (although there won't be any in a cron.daily
job):
File /etc/cron.daily/my
:
#!/bin/sh
# If started as root, then re-start as user "gavenkoa":
if [ "$(id -u)" -eq 0 ]; then
exec sudo -H -u gavenkoa $0 "$@"
echo "This is never reached.";
fi
echo "This runs as user $(id -un)";
# prints "gavenkoa"
exit 0;
When the script is started as user root
it will detect so and
re-execute itself via sudo -H -u gavenkoa
, that is: as
user gavenkoa
. This requires no special entries in /etc/sudoers
because root
is always allowed to switch to any user.
The exec
replaces the current process with the new sudo …
call
and never returns. That's why you don't need an else
clause.
edited Dec 30 '18 at 11:59
answered Dec 30 '18 at 11:48
PerlDuckPerlDuck
5,63811332
5,63811332
As I understandsudo
isn't POSIX utils. Issu
available in all UNIXes?
– gavenkoa
Dec 30 '18 at 13:32
1
@gavenkoa We are talking about Ubuntu, aren't we? Theresudo
is always installed. But if you prefersu
instead, you can of course replace thesudo
call withsu
but be aware that it's more complicated to pass the arguments"$@"
tosu
, see Pass arguments to a command run by another user over on U&L.
– PerlDuck
Dec 30 '18 at 14:02
add a comment |
As I understandsudo
isn't POSIX utils. Issu
available in all UNIXes?
– gavenkoa
Dec 30 '18 at 13:32
1
@gavenkoa We are talking about Ubuntu, aren't we? Theresudo
is always installed. But if you prefersu
instead, you can of course replace thesudo
call withsu
but be aware that it's more complicated to pass the arguments"$@"
tosu
, see Pass arguments to a command run by another user over on U&L.
– PerlDuck
Dec 30 '18 at 14:02
As I understand
sudo
isn't POSIX utils. Is su
available in all UNIXes?– gavenkoa
Dec 30 '18 at 13:32
As I understand
sudo
isn't POSIX utils. Is su
available in all UNIXes?– gavenkoa
Dec 30 '18 at 13:32
1
1
@gavenkoa We are talking about Ubuntu, aren't we? There
sudo
is always installed. But if you prefer su
instead, you can of course replace the sudo
call with su
but be aware that it's more complicated to pass the arguments "$@"
to su
, see Pass arguments to a command run by another user over on U&L.– PerlDuck
Dec 30 '18 at 14:02
@gavenkoa We are talking about Ubuntu, aren't we? There
sudo
is always installed. But if you prefer su
instead, you can of course replace the sudo
call with su
but be aware that it's more complicated to pass the arguments "$@"
to su
, see Pass arguments to a command run by another user over on U&L.– PerlDuck
Dec 30 '18 at 14:02
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105542%2frun-etc-cron-daily-from-specific-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown