cron job not running because of pam?

Hi Everyone,

I am still an openSUSE noob and have been struggeling to get cron jobs running for the past couple of hours…without having success :shame:

Hopefully a more experienced user can give me a hand :wink:

As root I used crontab to setup some cron jobs:


crontab -u api-cebian -e

The resulting cronjob looks like this:


# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.XXXXuilrnn installed on Sun Oct 10 23:59:07 2010)
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
MAILTO=XXXXXXXXXXX
50	8	*	*	*	cd /srv/www/vhosts/XXXXXXXX/private/reportcreator/esw ; php createreports.php &>/dev/null

The command is tested and working. The script and its related directories have the
correct permission & ownership. But the related cronjob does not run.

The user has a login including password.


# tail /etc/passwd
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
uuidd:x:102:104:User for uuidd:/var/run/uuidd:/bin/false
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
api-cebian:x:1004:8:api-cebian:/srv/www/vhosts/api.cebian.net:/bin/false

Here is a related log message (/var/messages):


/usr/sbin/cron[6888]: Permission denied

crontab itself has the following permissions:


# l /usr/bin/crontab 
-rwsr-xr-x 1 root trusted 40432 2010-07-05 13:56 /usr/bin/crontab*

There is no cron.allow or crontab.allow or crontab.deny. The cron.deny looks like this:


# cat /etc/cron.deny
guest
gast

I figured out that my permission problem is probably due to pam, but I was just not
able to figure out how to make the proper settings :frowning:

Here is the related /etc/pam.d/crond:


#
# The PAM configuration file for the cron daemon
#
#
auth     sufficient     pam_rootok.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session

I am running openSUSE 11.3 64bit

Hope someone can help me or give me a hint, if there is some important info
missing I will glad to provide it…thanks in advance :stuck_out_tongue:

On 2010-10-22 13:06, awiese2007 wrote:

> 50 8 * * * cd /srv/www/vhosts/XXXXXXXX/private/reportcreator/esw ; php createreports.php &>/dev/null

Replace the command with “/home/api-cebian/bin/myscript” and write that script with those commands.
Also, notice that piping to null does not help here.

Then try to run that script outside of cron - I’m not sure if you will have to enable login.

> The user has a login including password.

No, he hasn’t. It is a no login:

> api-cebian:x:1004:8:api-cebian:/srv/www/vhosts/api.cebian.net:/bin/false


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

The home directory of api-cebian is actually the stated /srv/www/vhosts/XXXXX

When I disable /etc/pam.d/crond the error messages becomes more clearly…

/usr/sbin/cron[3426]: pam_warn(crond:account): function=[pam_sm_acct_mgmt] service=[crond] terminal=[cron] user=[crawler-cebian] ruser=<unknown>] rhost=<unknown>]
/usr/sbin/cron[3426]: Authentication failure

On 10/22/2010 10:36 AM, awiese2007 wrote:
>
> When I disable /etc/pam.d/crond the error messages becomes more
> clearly…
>
>> /usr/sbin/cron[3426]: pam_warn(crond:account):
>> function=[pam_sm_acct_mgmt] service=[crond] terminal=[cron]
>> user=[crawler-cebian] ruser=<unknown>] rhost=<unknown>]
>> /usr/sbin/cron[3426]: Authentication failure

As Carlos mentioned, create a script and put the commands there.

Like so:

#!/bin/bash
cd /srv/www/vhosts/XXXXXXXX/private/reportcreator/esw
php createreports.php &> /dev/null

Save it in /root/bin

Then just run it under roots crontab.

Or change the api-cebian account so it can log in and save the crontab
in /home/api-cebian/bin.

The issue was related to pam. I re-configured it to just check whether the cron process has been started by root and if the user-id
of the cronjob is a valid local user (no password or session check)…and it works :slight_smile:

thanks.

On 2010-10-25 14:06, awiese2007 wrote:
>
> The issue was related to pam. I re-configured it to just check whether
> the cron process has been started by root and if the user-id
> of the cronjob is a valid local user (no password or session
> check)…and it works :slight_smile:

Please post how exactly, so that others that read this know how to do it.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

sure :slight_smile:

I did edit the /etc/pam.d/crond configuration file to look like this:

The PAM cofiguration file for the cron daemon

auth required pam_rootok.so
account required pam_localuser.so
session required pam_loginuid.so