Cronjob And Sudo


I need to remove empty files out of a directory that are over 6 hours old so I created this script and put it in cron.hourly.

    #!/bin/sh
    cd /var/list
    sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;

I want to run it as matt rather than root for just an added bit of safety. Problem is I get this.

“sudo: sorry, you must have a tty to run sudo”

Is there another way to do this? As I understand the reason for this is requiretty in sudo config. If that improves security I would rather not change that setting.

7 thoughts on - Cronjob And Sudo

  • What if you did not use sudo at all? Say in cron.d:

    0 * * * * matt /usr/local/bin/deletecrap > /dev/null 2>&1

  • Did you try to use su instead? E.g., in my /etc/rc.local I have a bunch of stuff run on behalf of users other than root. Like:

    /bin/su lmgrd -c 'export IDL_DIR=/usr/local/opt/flexlm/idl;/usr/local/opt/flexlm/idl/bin/lmgrd -c /usr/local/opt/flexlm/licenses/license.dat -l /var/log/flexlm/idl.log > /dev/null 2>&1'

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • For what it’s worth, we no longer have requiretty in the package in Fedora, so eventually that change will probably make it down to CentOS. Overall, security benefit vanishingly small and inconvenience high.

    I do think that the suggestion of using /etc/cron.d and cron’s own user feature is better in this case, though.
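The /etc/cron.d approach recommended in the comments above, sketched as an added example that is not part of the original thread. The script path is the one named in the first comment; passing the directory and age as arguments, and the function name, are assumptions of this example.

```shell
#!/bin/sh
# Added example: cleanup script that cron starts directly as the unprivileged
# user, so sudo (and its requiretty check) is never involved.
#
# Assumed /etc/cron.d entry; the sixth field is the account cron runs it as:
#   0 * * * * matt /usr/local/bin/deletecrap /var/list 360 > /dev/null 2>&1

# purge_stale_empty DIR MINUTES  (hypothetical helper name)
# Removes regular zero-length files under DIR that were last modified more
# than MINUTES minutes ago and are owned by the invoking user.
purge_stale_empty() {
    dir=$1
    minutes=$2

    # Only accept an absolute path to an existing directory.
    case $dir in
        /*) ;;
        *) echo "purge_stale_empty: not an absolute path: $dir" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "purge_stale_empty: no such directory: $dir" >&2; return 2; }

    # The age must be a plain non-negative integer.
    case $minutes in
        ''|*[!0-9]*) echo "purge_stale_empty: bad age: $minutes" >&2; return 2 ;;
    esac

    # -xdev   : do not cross into other mounted filesystems
    # -type f : regular files only, so directories and symlinks are left alone
    # -user   : numeric UID of the caller, mirroring "-user matt" in the question
    # -delete : find unlinks the file itself instead of spawning rm per file
    find "$dir" -xdev -type f -empty -mmin "+$minutes" -user "$(id -u)" -delete
}

# Run the cleanup only when called with both arguments, as cron would.
if [ "$#" -eq 2 ]; then
    purge_stale_empty "$1" "$2"
fi
```

Because the job already runs as matt, a mistake in the path or the find expression can only touch files that account is allowed to delete.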

  • As a second thought (which should have been first thought), you may be able to just add a cron job for that user (if that user isn’t deprived of the ability to have cron jobs). Assuming you are root, edit that user’s crontab:

    crontab -u matt -e

    and either put that single long command line in the user’s crontab (note, you also need to specify time parameters, take a look at man crontab) or point to a script (which should be readable and executable by that user).

    Valeri
