How it this program "running itself" with root priviledges?

Hi
I installed rkhunter using yast and use it often; e.g. I find it useful to run after online updates to see what it shows to have changed then I do

sudo rkhunter --propupd

But I caught it running again today without my starting it (saw it using top). There are no crontab entries for root or myself as a user and running

sudo systemctl status *timer

only shows btrfs maintenance processes and other maintenance processes listed to run. There is however a script…

> ls -l /etc/cron.daily/suse.de-rkhunter
-rwxr-x--- 1 root root 2029 Feb 26  2021 /etc/cron.daily/suse.de-rkhunter

Presumably this came with my installation of rkhunter? I like rkhunter and don’t have a big problem with it running itself as it is well-behaved and writes to its log file so I can check up if it found anything (but I have not configured email warnings so daily runs do not really help much either). But I’m not good with scripting and don’t see how this script runs it with root privileges. I wonder what else might be running as root?
Any pointers please?

It is easy. All things from /etc/cron.daily and friends are started from /etc/crontab

boven:/etc # cat /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
-*/15 * * * *   root  test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1

boven:/etc #

And /etc/crontab is the sytem crontab that runs for the system and thus with root as owner.

And of course, when you do not want it run from cron.daily, remove it from the /etc/cron/daily file. But beware, an update of the package could install it anew.

Correction

> sudo cat /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
-*/15 * * * *   root  test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1



But does this mean that anything in the cron hourly, daily weekly or monthly folders with root privileges will be run as root?

Okay I got that now
Thanks Henk

Just a secondary comment on above.

yast - software management - extras - show history gives a detailed history of all files installed and deleted daily since the system was installed. I find this very helpful for finding problem installs, etc. Might be useful to you.