dulcett
asked on
Problem with gpg and cron
I am having trouble getting cron to run a perl script that runs perfectly fine from bash. It fails at the section where it is trying to run gpg to decrypt some files. At first I was getting an error stating that it couldn't find dev/tty and that this directory did not exist. I changed my script so that it also included the --batch --no-tty options when calling gpg. This fixed the first problem and created a new issue where it would claim that it can't find the private key for proper decryption. I double checked and my private key is in there and works just fine; otherwise I wouldn't be able to get the perl script to decrypt files when I started the script from bash. Why won't the exact same script work in cron? Here is all that I am telling it to do in gpg:
/usr/local/bin/gpg --no-tty --batch --passphrase [passphrase] --output [output name] --decrypt [filename/location]
What user is the script running as in cron? Do you have SELinux enabled? Does the user that cron is running the script as have permission to access all required directories and files?
> .. would claim that it can't find the private key for proper decryption.
sounds like cron is running as a different user.
You need to ensure that your script is running as the proper user.
ASKER
The cron job is running as root so I don't think that is the problem. I would imagine that it must not be looking at the correct directories for a proper gpg run but I'm not sure. Here is what my crontab looks like:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 8 * * * root perl /tmp/mysql_backup_daily.pl
05 7 * * 1 root perl /mydirectory/MYGPGPERLSCRIPT.pl
> The cron job is running as root so I don't think that is the problem.
that's exactly the problem!
Simply start that task in the user's crontab.
ASKER
As what user? I have been working as user: root
ASKER
This is the mail message I get when cron doesn't run
From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> perl /mydirectory/THEONE_2.pl
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/sysconfig/rhn:/usr/include/kde:/usr/lib/gnupg:/usr/local/bin:/usr/local/libexec/gnupg:/usr/share/rhn>
X-Cron-Env: <PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8>
X-Cron-Env: <LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
gpg: encrypted with ELG-E key, ID 0646FAAA
gpg: decryption failed: secret key not available
Are you user root when you run it from the command line?
What is your home directory as user root? Put that in as HOME=/root (or whatever it is)
so your keys are stored in ~/.gnupg where ~ is the home directory as specified for user root in /etc/passwd?
ASKER
This is the line for root in my etc password file
root:x:0:0:root:/root:/bin/bash
ASKER
Yes, I am root when I run it from commandline and it works fine when I run the script that way.
ASKER
It works now. Thanks.
hmm, that's exactly what I asked for/said in http:#18858432
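
The check below is an added example, not part of the original thread: it predicts which keyring directory gpg will search under a given environment (GNUPGHOME if set, otherwise HOME/.gnupg) and compares it with the account's home directory from its passwd entry. The function names are hypothetical; the passwd line and HOME=/ are the values posted above.

```shell
#!/bin/sh
# Added example: predict which keyring directory gpg will use under a given
# environment, and compare it with the account's real home from passwd data.

# gpg uses $GNUPGHOME if set, otherwise $HOME/.gnupg.
effective_gnupg_home() {   # args: HOME value, GNUPGHOME value (may be empty)
    if [ -n "$2" ]; then
        dir=$2
    else
        dir="$1/.gnupg"
    fi
    # Collapse repeated slashes so HOME=/ yields /.gnupg rather than //.gnupg
    printf '%s\n' "$dir" | sed 's#//*#/#g'
}

# Field 6 of a passwd-format line is the account's home directory.
passwd_home() {            # args: user name; passwd lines on stdin
    awk -F: -v u="$1" '$1 == u { print $6; exit }'
}

# Returns 0 when gpg would look in the account's own ~/.gnupg, 1 otherwise.
check_cron_gpg_env() {     # args: user, cron HOME, cron GNUPGHOME, passwd line(s)
    home=$(printf '%s\n' "$4" | passwd_home "$1")
    want=$(effective_gnupg_home "$home" "")
    got=$(effective_gnupg_home "$2" "$3")
    if [ "$got" = "$want" ]; then
        echo "OK: gpg will use $got"
        return 0
    fi
    echo "MISMATCH: cron environment points gpg at $got, keys expected in $want"
    return 1
}

# Values taken from the thread: passwd entry for root and the crontab's HOME=/
PASSWD_LINE='root:x:0:0:root:/root:/bin/bash'
check_cron_gpg_env root /     "" "$PASSWD_LINE" || true   # MISMATCH
check_cron_gpg_env root /root "" "$PASSWD_LINE" || true   # OK
```

Either setting HOME=/root in the crontab, as suggested in the thread, or passing gpg's `--homedir` option with the keyring path removes the mismatch.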