16

I'm trying to use cron to automate my system updates. You can see my crontab, commands, and resulting errors below.

When I run upgrades.sh as root, the script runs fine. When cron runs it, apt-get -y update runs no problem, but aptitude -y safe-upgrade fails. I'm guessing this error: debconf: (This frontend requires a controlling tty.) is because there is a kernel update which in turn updates grub, which requires my explicitly saying it's okay to overwrite /boot/grub/menu.lst. But I don't understand the path errors. And I'd like the updates that don't require my supervision to go through.

I have read through this question and it's as yet unaccepted solution of unattended-upgrades, and I may end up using it, but why can't I use cron? Seems like it should be really simple, and more linuxy.

Crontab

root@daedalus:~/bin# crontab -l
# m h  dom mon dow   command
45 06 * * * ~/bin/upgrades.sh

upgrades.sh

root@daedalus:~/bin# cat upgrades.sh 
#!/bin/bash
/usr/bin/apt-get -y update
/usr/bin/aptitude -y safe-upgrade

Errors

debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin:
Fetched 37.6MB in 4min 23s (143kB/s)
dpkg: warning: 'ldconfig' not found on PATH.
dpkg: warning: 'start-stop-daemon' not found on PATH.
dpkg: warning: 'update-rc.d' not found on PATH.
dpkg: 3 expected program(s) not found on PATH.
NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.
E: Sub-process /usr/bin/dpkg returned an error code (2)
A package failed to install.  Trying to recover:
dpkg: warning: 'ldconfig' not found on PATH.
dpkg: warning: 'start-stop-daemon' not found on PATH.
dpkg: warning: 'update-rc.d' not found on PATH.
dpkg: 3 expected program(s) not found on PATH.
NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Writing extended state information...
Community
  • 1
djeikyb
  • 30,245

4 Answers4

15

Although your main problem has already been answered, it looks like you're getting debconf warnings because you're running apt-get without an interactive tty. To get rid of these messages, you can set this environment variable:

DEBIAN_FRONTEND=noninteractive
TrinitronX
  • 3,254
10

The messages are telling you that your PATH environment variable is wrong.

Try adding

PATH=/usr/bin:/bin:/usr/sbin:/sbin

to the top of your crontab.

Or you could put the same PATH line as the second line of ~/bin/upgrades.sh. That way your test from the command line and your test from crontab should produce the same results.

Mikel
  • 6,558
  • I see. I put the command into a script mistakenly thinking the #!/bin/bash line would load root's normal path. Obviously I was wrong. So what determines a user's default path in the first place, and how is it applied? – djeikyb Jan 29 '11 at 01:16
  • Why doesn't cron take on the path of the user? Is it better to add path to crontab or my script? Are there disadvantages? – djeikyb Jan 29 '11 at 01:18
  • It is supposed to be for security reasons, but I agree, it's annoying. 1) If you put it in your script, you could put PATH=... in a file, e.g. ~/.env, and source it from every script you write using . ~/.env near the top of the script. Then if you change your PATH you only have to edit one file. 2) If you put it in crontab, it means you don't have to edit all your cron scripts, but you will have two places to edit if you want to change your PATH (e.g. ~/.bashrc and crontab). Which is better is up to you. – Mikel Jan 29 '11 at 01:32
  • Cool. I guess my question is, why is it insecure? I'm googling right now, but haven't come up with anything yet. Anyway, I've made the changes, and I'll mark as answered tomorrow morning when it runs, just in case something else goes wonky. – djeikyb Jan 29 '11 at 01:36
  • I wish I knew too. If there is a reason, neither the documentation nor the cron source code say what it is. In theory it could have been to force a consistent environment so you could copy a crontab from one user to another, but only PATH gets changed, so that can't be the reason. – Mikel Jan 29 '11 at 01:58
  • Remember to mark as answered the other question, too ;) – luri Jan 29 '11 at 02:06
  • Environment variables could be set and affect the running of cron hours later, providing a way to attack through the running of a cron job. This is a very old attack which was mitigated by eliminating almost all of the user's environment for cronjobs; check the manpages for more details. However, searching Google, I can't find anything on the security risk of the cron environment. – Mei Nov 22 '11 at 02:22
1

There is a community wiki page: Reason why crontab does not work. In this case, it seems as though the cause is cron's limited environment variables. Can you run this from a shell script in /etc/cron.daily?

Community
  • 1
0

From CronHowto:

Depending on the commands being run, you may need to expand the root users PATH variable by putting the following line at the top of their crontab file:

PATH=/usr/sbin:/usr/bin:/sbin:/bin

But in fact, everything seems to be fine doing the same as you.... Where did you fetch those errors from?

CRONTAB:

root@PORTATIL:/var/log$ crontab -l
* * */2 * * /usr/share/myupdate.sh > /var/log/myupdate.log

SCRIPT:

root@PORTATIL:/etc# cat /usr/share/myupdate.sh 
#!/bin/bash
#Testing updates
apt-get update -y
apt-get upgrade -y

LOG:

root@PORTATIL:/etc# cat /var/log/myupdate.log 

Hit http://security.ubuntu.com lucid-security Release.gpg
Hit http://archive.canonical.com lucid Release.gpg
Hit http://archive.canonical.com lucid Release.gpg
Hit http://packages.medibuntu.org lucid Release.gpg
Get:1 http://dl.google.com stable Release.gpg [197B]
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://security.ubuntu.com lucid-security Release
Hit http://badgerports.org lucid Release.gpg
Hit http://archive.canonical.com lucid Release
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://ppa.launchpad.net maverick Release.gpg
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://ppa.launchpad.net lucid Release.gpg
Hit http://ppa.launchpad.net lucid Release.gpg
Get:2 http://dl.google.com stable Release [1347B]
Hit http://security.ubuntu.com lucid-security/main Packages
Hit http://ppa.launchpad.net lucid Release
Hit http://ppa.launchpad.net lucid Release
Hit http://packages.medibuntu.org lucid Release
Hit http://download.virtualbox.org lucid Release.gpg
Hit http://archive.canonical.com lucid Release
Hit http://linux.dropbox.com lucid Release.gpg
Get:3 http://dl.google.com stable/main Packages [1110B]
Hit http://security.ubuntu.com lucid-security/restricted Packages
Hit http://security.ubuntu.com lucid-security/main Sources
Hit http://security.ubuntu.com lucid-security/restricted Sources
Hit http://security.ubuntu.com lucid-security/universe Packages
Hit http://security.ubuntu.com lucid-security/universe Sources
Hit http://ppa.launchpad.net lucid Release
Hit http://ppa.launchpad.net lucid Release
Hit http://ppa.launchpad.net maverick Release
Hit http://ppa.launchpad.net lucid Release
Hit http://ppa.launchpad.net lucid Release
Hit http://badgerports.org lucid Release
Hit http://archive.canonical.com lucid/partner Packages
Hit http://security.ubuntu.com lucid-security/multiverse Packages
Hit http://security.ubuntu.com lucid-security/multiverse Sources
Hit http://ppa.launchpad.net lucid Release
Hit http://packages.medibuntu.org lucid/free Packages
Hit http://download.virtualbox.org lucid Release
Hit http://es.archive.ubuntu.com lucid Release.gpg
Hit http://linux.dropbox.com lucid Release
Hit http://archive.canonical.com lucid/partner Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://es.archive.ubuntu.com lucid-updates Release.gpg
Hit http://badgerports.org lucid/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://ppa.launchpad.net maverick/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://packages.medibuntu.org lucid/non-free Packages
Hit http://linux.dropbox.com lucid/main Packages
Hit http://es.archive.ubuntu.com lucid Release
Hit http://download.virtualbox.org lucid/contrib Packages
Hit http://ppa.launchpad.net lucid/main Packages
Hit http://es.archive.ubuntu.com lucid-updates Release
Hit http://es.archive.ubuntu.com lucid/main Packages
Hit http://es.archive.ubuntu.com lucid/restricted Packages
Hit http://es.archive.ubuntu.com lucid/main Sources
Hit http://es.archive.ubuntu.com lucid/restricted Sources
Hit http://es.archive.ubuntu.com lucid/universe Packages
Hit http://es.archive.ubuntu.com lucid/universe Sources
Hit http://es.archive.ubuntu.com lucid/multiverse Packages
Hit http://es.archive.ubuntu.com lucid/multiverse Sources
Hit http://es.archive.ubuntu.com lucid-updates/main Packages
Hit http://es.archive.ubuntu.com lucid-updates/restricted Packages
Hit http://es.archive.ubuntu.com lucid-updates/main Sources
Hit http://es.archive.ubuntu.com lucid-updates/restricted Sources
Hit http://es.archive.ubuntu.com lucid-updates/universe Packages
Hit http://es.archive.ubuntu.com lucid-updates/universe Sources
Hit http://es.archive.ubuntu.com lucid-updates/multiverse Packages
Hit http://es.archive.ubuntu.com lucid-updates/multiverse Sources
Fetched 2654B in 1s (1628B/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
luri
  • 4,112
  • My errors come from the cron job log mailed to me. I'm running 10.04, same as you. Strange.. – djeikyb Jan 29 '11 at 01:57
  • Thre must be some cron configuration file setting a restrictive PATH... I'm not having problems right now. – luri Jan 29 '11 at 02:35