[gentoo-user] Sync and glsa-check from cron

[gentoo-user] Sync and glsa-check from cron

[Nick]

[-- Attachment #1: Type: text/plain, Size: 642 bytes --]

Hi there,

I'm planning to set my mother up with a very simple gentoo box, with
only what she needs etc.

Ideally it should require almost no interaction from me, and just
keep itself working and secure.

So, I'm planning to run "sudo emerge --sync" and "sudo glsa-check -f
new" from a cron job, perhaps once a week.

I can set up the sudoers part all fine, but is there anything I
should watch out for / consider when running these maintenance tools
from a cron job?

Thanks,

-Nick

-- 
GPG Key : www.njw.me.uk/nick.gpg.asc     GPG Key ID: 04E4653F
  GPG Fingerprint: 9732 D7C7 A441 D79E FDF0 94F6 1F48 5674 04E4 653F

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Sync and glsa-check from cron

[Joshua Doll]

Nick wrote:
> Hi there,
>
> I'm planning to set my mother up with a very simple gentoo box, with
> only what she needs etc.
>
> Ideally it should require almost no interaction from me, and just
> keep itself working and secure.
>
> So, I'm planning to run "sudo emerge --sync" and "sudo glsa-check -f
> new" from a cron job, perhaps once a week.
>
> I can set up the sudoers part all fine, but is there anything I
> should watch out for / consider when running these maintenance tools
> from a cron job?
>
> Thanks,
>
> -Nick
>
>   
I think cron can run jobs as root.

--Joshua Doll
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Sync and glsa-check from cron

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

On Tuesday 19 June 2007 17:18:45 Nick wrote:
> So, I'm planning to run "sudo emerge --sync" and "sudo glsa-check -f
> new" from a cron job, perhaps once a week.
>
> I can set up the sudoers part all fine, but is there anything I
> should watch out for / consider when running these maintenance tools
> from a cron job?

Not these two, they shouldn't depend significantly on your environment 
variables.  Just make sure you are in the right group to run cron jobs.

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss03@volumehost.net                      ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.org/                      \_/     

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Sync and glsa-check from cron

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 2076 bytes --]

On Tuesday 19 June 2007 17:26:15 Joshua Doll wrote:
> Nick wrote:
> > I can set up the sudoers part all fine, but is there anything I
> > should watch out for / consider when running these maintenance tools
> > from a cron job?

Oh, and I forgot to mention it in my other direct reply:  You'll probably need 
to specify the full path to those commands.  $PATH is generally different or 
unset when tasks are run from cron.

> I think cron can run jobs as root.

Yes, /etc/cron.{hourly,daily,weekly,monthly} contains scripts to be run as 
root.  Also, some (most? all?) cron daemons allow root to have a crontab 
separate from the system crontab.  If you have root access you can even 
fiddle with the system crontab, but that's not the "preferred" solution.

Many cron daemons also allow jobs to be run as a user by maintaining a crontab 
for each user and "su"-ing to the correct user (and cleaning/setting the 
environment) before running the task.  If I'm reading the question correctly, 
he will be adding these actions to his user's crontab and then sudo-ing to 
run the script.  sudo can be set up to allow users to run tasks as root 
without a password.  sudo also cleans the environment by default, but that 
can be turned off or made less strict.

However, tasks run by cron (either as root or as another user) will have 
different environment variables set.  e.g. /etc/profile and $HOME/.profile 
are not sourced in the shell (generally cron jobs aren't run in a shell at 
all).  They will also generally not have a tty associated with them.  Again, 
if I'm reading the OP correctly, (s)he was wondering if those changes will 
affect those two commands.  Some commands / scripts are quite sensitive to 
the environment and may give different results (or not work at all) when run 
from a cron job.

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss03@volumehost.net                      ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.org/                      \_/     

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Sync and glsa-check from cron

[Alan McKinnon]

On Wednesday 20 June 2007, Nick wrote:
> Hi there,
>
> I'm planning to set my mother up with a very simple gentoo box, with
> only what she needs etc.
>
> Ideally it should require almost no interaction from me, and just
> keep itself working and secure.
>
> So, I'm planning to run "sudo emerge --sync" and "sudo glsa-check -f
> new" from a cron job, perhaps once a week.
>
> I can set up the sudoers part all fine, but is there anything I
> should watch out for / consider when running these maintenance tools
> from a cron job?

Why bother with sudo and /etc/sudoers? That's just an extra layer of 
unnecessary complexity. The usual assortment of cron daemons can all 
run commands as root. Write a script to run the commands you want, copy 
it to /etc/cron.d/weekly. It will run at 4:22 am every Sunday.

Log in as root, crontab -e also works. As does sudo crontab -e

You'll have to be aware of the usuaal limitations of cron jobs - they do 
not run under bash, and they seldom have the same environment variables 
set as what a r\egular user gets. So always include full paths to any 
command you run

alan


-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Sync and glsa-check from cron

[Nick]

[-- Attachment #1: Type: text/plain, Size: 1431 bytes --]

On Wed, Jun 20, 2007 at 09:50:04AM +0200, Alan McKinnon wrote:
> On Wednesday 20 June 2007, Nick wrote:
> >
> > So, I'm planning to run "sudo emerge --sync" and "sudo glsa-check -f
> > new" from a cron job, perhaps once a week.
> >
> > I can set up the sudoers part all fine, but is there anything I
> > should watch out for / consider when running these maintenance tools
> > from a cron job?
> 
> Why bother with sudo and /etc/sudoers? That's just an extra layer of 
> unnecessary complexity. The usual assortment of cron daemons can all 
> run commands as root. Write a script to run the commands you want, copy 
> it to /etc/cron.d/weekly. It will run at 4:22 am every Sunday.

Sounds good, I'll do that. For some reason I was under the
impression that root couldn't have its own crontab. Clearly I was
mistaken (just as well, that wouldn't make much sense...)

> You'll have to be aware of the usuaal limitations of cron jobs - they do 
> not run under bash, and they seldom have the same environment variables 
> set as what a r\egular user gets. So always include full paths to any 
> command you run

I'll probably be back here if I some variable reassignments or
whatever cause things to get confused, but it doesn't sound likely.

Thanks guys,

-Nick

-- 
GPG Key : www.njw.me.uk/nick.gpg.asc     GPG Key ID: 04E4653F
  GPG Fingerprint: 9732 D7C7 A441 D79E FDF0 94F6 1F48 5674 04E4 653F

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]