Solved

Problem with gpg and cron

Posted on 2007-04-04
13
1,228 Views
Last Modified: 2013-12-15
I am having trouble getting cron to run a perl script that runs perfectly fine from bash. It fails at the section where it is trying to run gpg to decrypt some files. At first I was getting an error stating that it couldn't find dev/tty and that this directory did not exist. I changed my scipt so that it also included the --batch --no-tty options when calling gpg. This fixed the first problem and created a new issue where it would claim that it can't find the private key for proper decrytion. I double checked and my private key is in there and works just fine otherwise I wouldn't be able to get the perl script to decrypt files when I started the script from bash. Why won't the exact same script work in cron. Here is all that I am telling it to do in gpg:

/usr/local/bin/gpg --no-tty --batch --passphrase [passphrase] --output [output name] --decrypt [filename/location]

0
Comment
Question by:dulcett
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 17

Expert Comment

by:mjcoyne
ID: 18855323
What user is the script running as in cron?  Do you have SELinux enabled?  Does the user that cron is running the script as have permisson to access all required directories and files?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18856457
> .. would claim that it can't find the private key for proper decrytion.
sounds like cron is running as a different user.
You need to ensure that your script is running as the proper user,.
0
 

Author Comment

by:dulcett
ID: 18857929
The cron job is running as root so I don't think that is the problem. I would imagine that it must not be looking at the correct directories for a proper gpg run but I'm not sure. Here is what my crontab looks like:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 8 * * * root perl /tmp/mysql_backup_daily.pl
05 7 * * 1 root perl /mydirectory/MYGPGPERLSCRIPT.pl

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858258
> The cron job is running as root so I don't think that is the problem.
that's exactly the problem!
Simply start that task in the user's crontab.
0
 

Author Comment

by:dulcett
ID: 18858324
As what user? I have been working as user: root
0
 

Author Comment

by:dulcett
ID: 18858331
This is the mail message I get when cron doesn't run

From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> perl /mydirectory/THEONE_2.pl
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/sysconfig/rhn:/usr/include/kde:/usr/lib/gnupg:/usr/local/bin:/usr/local/libexec/gnupg:/usr/share/rhn>
X-Cron-Env: <PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8>
X-Cron-Env: <LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>


gpg: encrypted with ELG-E key, ID 0646FAAA
gpg: decryption failed: secret key not available
0
 
LVL 39

Expert Comment

by:Adam314
ID: 18858424
Are you user root when you run it from the command line?
What is your home directory as user root?  Put that in as HOME=/root  (or whatever it is)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858432
so your keys are stored in ~/.gnupg where ~ is the home directory as specified for user root in /etc/passwd?
0
 

Author Comment

by:dulcett
ID: 18858653
This is the line for root in my etc password file

root:x:0:0:root:/root:/bin/bash
0
 

Author Comment

by:dulcett
ID: 18858662
Yes, I am root when I run it from commandline and it works fine when I run the script that way.
0
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 18858755
in your crontab, put HOME=/root instead of HOME=/
0
 

Author Comment

by:dulcett
ID: 18858910
It works now. Thanks.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18862608
hmm, that's exactly what I asked for/said in http:#18858432
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
capture pcap with filtered traffic 1 81
'Cert OK' on www.checkctls.com failed for main mx record 1 41
Upgrade BIOS / EUFI at Scale 4 54
expand ext4 on centos 6 5 37
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question