Solved

Problem with gpg and cron

Posted on 2007-04-04
13
1,227 Views
Last Modified: 2013-12-15
I am having trouble getting cron to run a perl script that runs perfectly fine from bash. It fails at the section where it is trying to run gpg to decrypt some files. At first I was getting an error stating that it couldn't find dev/tty and that this directory did not exist. I changed my scipt so that it also included the --batch --no-tty options when calling gpg. This fixed the first problem and created a new issue where it would claim that it can't find the private key for proper decrytion. I double checked and my private key is in there and works just fine otherwise I wouldn't be able to get the perl script to decrypt files when I started the script from bash. Why won't the exact same script work in cron. Here is all that I am telling it to do in gpg:

/usr/local/bin/gpg --no-tty --batch --passphrase [passphrase] --output [output name] --decrypt [filename/location]

0
Comment
Question by:dulcett
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 17

Expert Comment

by:mjcoyne
ID: 18855323
What user is the script running as in cron?  Do you have SELinux enabled?  Does the user that cron is running the script as have permisson to access all required directories and files?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18856457
> .. would claim that it can't find the private key for proper decrytion.
sounds like cron is running as a different user.
You need to ensure that your script is running as the proper user,.
0
 

Author Comment

by:dulcett
ID: 18857929
The cron job is running as root so I don't think that is the problem. I would imagine that it must not be looking at the correct directories for a proper gpg run but I'm not sure. Here is what my crontab looks like:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 8 * * * root perl /tmp/mysql_backup_daily.pl
05 7 * * 1 root perl /mydirectory/MYGPGPERLSCRIPT.pl

0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858258
> The cron job is running as root so I don't think that is the problem.
that's exactly the problem!
Simply start that task in the user's crontab.
0
 

Author Comment

by:dulcett
ID: 18858324
As what user? I have been working as user: root
0
 

Author Comment

by:dulcett
ID: 18858331
This is the mail message I get when cron doesn't run

From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> perl /mydirectory/THEONE_2.pl
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/sysconfig/rhn:/usr/include/kde:/usr/lib/gnupg:/usr/local/bin:/usr/local/libexec/gnupg:/usr/share/rhn>
X-Cron-Env: <PERL5LIB=/usr/local/lib/perl5/5.8.8/i686-linux:/usr/local/lib/perl5/5.8.8>
X-Cron-Env: <LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/dev/tty>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>


gpg: encrypted with ELG-E key, ID 0646FAAA
gpg: decryption failed: secret key not available
0
 
LVL 39

Expert Comment

by:Adam314
ID: 18858424
Are you user root when you run it from the command line?
What is your home directory as user root?  Put that in as HOME=/root  (or whatever it is)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18858432
so your keys are stored in ~/.gnupg where ~ is the home directory as specified for user root in /etc/passwd?
0
 

Author Comment

by:dulcett
ID: 18858653
This is the line for root in my etc password file

root:x:0:0:root:/root:/bin/bash
0
 

Author Comment

by:dulcett
ID: 18858662
Yes, I am root when I run it from commandline and it works fine when I run the script that way.
0
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 18858755
in your crontab, put HOME=/root instead of HOME=/
0
 

Author Comment

by:dulcett
ID: 18858910
It works now. Thanks.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18862608
hmm, that's exactly what I asked for/said in http:#18858432
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
networking details on centos 6.6 4 64
Backup & Restore 3 56
how to rebuild XFS volume from LV 19 65
Import and exporting Oracle Data with encrypted columns 4 29
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question