tags:

views:

575

answers:

2
Q: 

How do I run a command as a different user from a root cronjob?

I seem to be stuck between an NFS limitation and a Cron limitation.

So I've got root cron (on RHEL5) running a shell script that, among other things, needs to rsync some files over an NFS mount. And the files on the NFS mount are owned by the apache user with mode 700, so only the apache user can run the rsync command -- running as root yields a permission error (NFS being a rare case, apparently, where the root user is not all-powerful?)

When I just want to run the rsync by hand, I can use "sudo -u apache rsync ..." But sudo no workie in cron -- it says "sudo: sorry, you must have a tty to run sudo".

I don't want to run the whole script as apache (i.e. from apache's crontab) because other parts of the script do require root -- it's just that one command that needs to run as apache. And I would really prefer not to change the mode on the files, as that will involve significant changes to other applications.

There's gotta be a way to accomplish "sudo -u apache" from cron??

thanks! rob

+2  A: 

Use su instead of sudo:

su -c "rsync ..." apache
Jukka Matilainen  2009-08-25 17:00:53
Yes! But no. The apache user does not have a regular login shell, so the su -c syntax only returns "This account is currently not available". And altering the apache user's passwd entry for this purpose seems like a bad idea.Hm, I guess this question should be titled "How do I run a command as the apache user from a root cronjob?" And maybe it can't be done without introducing security holes?
rob  2009-08-27 15:46:48
Does it help if you explicitly specify the shell to be used with the `-s` switch (for example `-s /bin/sh`)? At least on Ubuntu this seems to help if the user in question does not have a valid shell in /etc/passwd.
Jukka Matilainen  2009-08-27 17:20:20
A: 

place it in /etc/crontab and specify apache instead of root in the user field

Robert Foreman  2010-03-27 00:36:43

related questions

User Control Public Shared Variables in ASP.NET 1.1 Not Working As Expected
Best place to save user information xp and vista
Training Users In Security
User Groups Management Implemenation for Desktop Application Question (C#) ?
iPhone application : is-it possible to use a "double" slider to select a price range
Getting multiple UI threads in Windows Forms
How do you store/share online your personal documents ?
Using windows authentication to log on to site using c#
What is the best way to add users to multiple groups in a database?
Unix Proc Directory
Have you ever faced an ethical issue when creating an application?
PostgreSQL 8.3 privileges not updated - wrong usage?
Hierarchical Group Permissions Theory/Resources?
Beta Test Guidelines / Agreement
Getting user photo from SPUser using WSS Object model
Do you know a service like uservoice.com for bug reports?
Multiple permission types (roles) stored in database as single decimal
Best Way to Unit Test a Website With Multiple User Types with PHPUnit
Average User Download Speeds
Passing switches to Xcode 3.1 user scripts
How do I add a user in Ubuntu?
Enumerate Windows user group members on remote system using c#
Should menu items always be enabled? And how do you tell the user?
What do you look for from a User Group?
How to make subdomain user accounts in a webapp