Solved

Problem with gpg and cron

Posted on 2007-04-04
Last Modified: 2013-12-15
I am having trouble getting cron to run a perl script that runs perfectly fine from bash. It fails at the section where it is trying to run gpg to decrypt some files. At first I was getting an error stating that it couldn't find dev/tty and that this directory did not exist. I changed my script so that it also included the --batch --no-tty options when calling gpg. This fixed the first problem and created a new issue where it would claim that it can't find the private key for proper decryption. I double checked and my private key is in there and works just fine; otherwise I wouldn't be able to get the perl script to decrypt files when I started the script from bash. Why won't the exact same script work in cron? Here is all that I am telling it to do in gpg:

/usr/local/bin/gpg --no-tty --batch --passphrase [passphrase] --output [output name] --decrypt [filename/location]

Question by:dulcett
13 Comments
 
LVL 17

Expert Comment

by:mjcoyne
ID: 18855323
What user is the script running as in cron?  Do you have SELinux enabled?  Does the user that cron is running the script as have permission to access all required directories and files?
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18856457
> .. would claim that it can't find the private key for proper decryption.
Sounds like cron is running as a different user.
You need to ensure that your script is running as the proper user.
 

Author Comment

by:dulcett
ID: 18857929
The cron job is running as root so I don't think that is the problem. I would imagine that it must not be looking at the correct directories for a proper gpg run but I'm not sure. Here is what my crontab looks like:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 8 * * * root perl /tmp/mysql_backup_daily.pl
05 7 * * 1 root perl /mydirectory/MYGPGPERLSCRIPT.pl

 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858258
> The cron job is running as root so I don't think that is the problem.
that's exactly the problem!
Simply start that task in the user's crontab.
 

Author Comment

by:dulcett
ID: 18858324
As what user? I have been working as user: root
 

Author Comment

by:dulcett
ID: 18858331
This is the mail message I get when cron doesn't run:

From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> perl /mydirectory/THEONE_2.pl
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/sysconfig/rhn:/usr/include/kde:/usr/lib/gnupg:/usr/local/bin:/usr/local/libexec/gnupg:/usr/share/rhn>
X-Cron-Env: <PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8>
X-Cron-Env: <LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>


gpg: encrypted with ELG-E key, ID 0646FAAA
gpg: decryption failed: secret key not available
 
LVL 39

Expert Comment

by:Adam314
ID: 18858424
Are you user root when you run it from the command line?
What is your home directory as user root?  Put that in as HOME=/root  (or whatever it is)
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858432
so your keys are stored in ~/.gnupg where ~ is the home directory as specified for user root in /etc/passwd?
 

Author Comment

by:dulcett
ID: 18858653
This is the line for root in my etc password file

root:x:0:0:root:/root:/bin/bash
 

Author Comment

by:dulcett
ID: 18858662
Yes, I am root when I run it from the command line and it works fine when I run the script that way.
 
LVL 39

Accepted Solution

by:Adam314 (earned 500 total points)
ID: 18858755
in your crontab, put HOME=/root instead of HOME=/
 

Author Comment

by:dulcett
ID: 18858910
It works now. Thanks.
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18862608
hmm, that's exactly what I asked for/said in http:#18858432
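
Added example, not part of the thread and not code from any poster: the accepted fix (HOME=/root instead of HOME=/) works because gpg looks for its keyrings in $GNUPGHOME, or in $HOME/.gnupg when GNUPGHOME is unset, so HOME=/ sends it to /.gnupg. The function names and the throwaway directory tree below are assumptions made for illustration; the script never calls gpg itself.

```shell
#!/bin/sh
# Preflight check for a cron job that calls gpg (illustrative, hypothetical names).
# Assumption: gpg reads keyrings from $GNUPGHOME, else from $HOME/.gnupg.

# Print the directory gpg would use under the current environment.
gpg_homedir() {
    if [ -n "${GNUPGHOME:-}" ]; then
        printf '%s\n' "$GNUPGHOME"
    else
        printf '%s\n' "${HOME%/}/.gnupg"   # HOME=/ yields /.gnupg
    fi
}

# Return 0 if secret key material exists in directory $1.
# secring.gpg: GnuPG 1.x/2.0; private-keys-v1.d/*.key: GnuPG 2.1 and later.
has_secret_keys() {
    [ -s "$1/secring.gpg" ] && return 0
    for f in "$1"/private-keys-v1.d/*.key; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Print a verdict for the current environment:
# "ok", "no-homedir" or "no-secret-keys".
check_gpg_env() {
    dir=$(gpg_homedir)
    if [ ! -d "$dir" ]; then
        echo "no-homedir"
    elif has_secret_keys "$dir"; then
        echo "ok"
    else
        echo "no-secret-keys"
    fi
}

# Constructed demo: a throwaway tree standing in for / and /root.
demo=$(mktemp -d)
mkdir -p "$demo/root/.gnupg"
echo "constructed placeholder, not a real keyring" > "$demo/root/.gnupg/secring.gpg"

echo "HOME=<demo>       -> $(HOME="$demo" GNUPGHOME= check_gpg_env)"
echo "HOME=<demo>/root  -> $(HOME="$demo/root" GNUPGHOME= check_gpg_env)"
rm -rf "$demo"
```

Run at the top of the cron job, before gpg is called, a check like this reports which directory was searched instead of the less direct "secret key not available".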