Solved

Problem with gpg and cron

Posted on 2007-04-04
13
1,244 Views
Last Modified: 2013-12-15
I am having trouble getting cron to run a perl script that runs perfectly fine from bash. It fails at the section where it is trying to run gpg to decrypt some files. At first I was getting an error stating that it couldn't find dev/tty and that this directory did not exist. I changed my scipt so that it also included the --batch --no-tty options when calling gpg. This fixed the first problem and created a new issue where it would claim that it can't find the private key for proper decrytion. I double checked and my private key is in there and works just fine otherwise I wouldn't be able to get the perl script to decrypt files when I started the script from bash. Why won't the exact same script work in cron. Here is all that I am telling it to do in gpg:

/usr/local/bin/gpg --no-tty --batch --passphrase [passphrase] --output [output name] --decrypt [filename/location]

0
Comment
Question by:dulcett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 17

Expert Comment

by:mjcoyne
ID: 18855323
What user is the script running as in cron?  Do you have SELinux enabled?  Does the user that cron is running the script as have permisson to access all required directories and files?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18856457
> .. would claim that it can't find the private key for proper decrytion.
sounds like cron is running as a different user.
You need to ensure that your script is running as the proper user,.
0
 

Author Comment

by:dulcett
ID: 18857929
The cron job is running as root so I don't think that is the problem. I would imagine that it must not be looking at the correct directories for a proper gpg run but I'm not sure. Here is what my crontab looks like:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 8 * * * root perl /tmp/mysql_backup_daily.pl
05 7 * * 1 root perl /mydirectory/MYGPGPERLSCRIPT.pl

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858258
> The cron job is running as root so I don't think that is the problem.
that's exactly the problem!
Simply start that task in the user's crontab.
0
 

Author Comment

by:dulcett
ID: 18858324
As what user? I have been working as user: root
0
 

Author Comment

by:dulcett
ID: 18858331
This is the mail message I get when cron doesn't run

From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> perl /mydirectory/THEONE_2.pl
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/sysconfig/rhn:/usr/include/kde:/usr/lib/gnupg:/usr/local/bin:/usr/local/libexec/gnupg:/usr/share/rhn>
X-Cron-Env: <PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8>
X-Cron-Env: <LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>


gpg: encrypted with ELG-E key, ID 0646FAAA
gpg: decryption failed: secret key not available
0
 
LVL 39

Expert Comment

by:Adam314
ID: 18858424
Are you user root when you run it from the command line?
What is your home directory as user root?  Put that in as HOME=/root  (or whatever it is)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858432
so your keys are stored in ~/.gnupg where ~ is the home directory as specified for user root in /etc/passwd?
0
 

Author Comment

by:dulcett
ID: 18858653
This is the line for root in my etc password file

root:x:0:0:root:/root:/bin/bash
0
 

Author Comment

by:dulcett
ID: 18858662
Yes, I am root when I run it from commandline and it works fine when I run the script that way.
0
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 18858755
in your crontab, put HOME=/root instead of HOME=/
0
 

Author Comment

by:dulcett
ID: 18858910
It works now. Thanks.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18862608
hmm, that's exactly what I asked for/said in http:#18858432
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question