2

I want to run a crontab command every 5 mins that executes a py script. The py script in turn generates a log file with midnight rotation within /var/www/logs/. The logs dir has 777 permission.

The log file has midnight rotation, and when a new file is created, it is created with root as owner. How can I ensure the ownership stays as www-data? Some other scripts also write to the same file, and root ownership causes permission issues for those scripts.

One way is to put the command in,

crontab -u www-data -e

This works fine, but I want to maintain all my cron commands under root user.

I tried doing the same with sudo, but it creates the file with root as owner, which is not what I want.

ns15
  • 1
    "The logs dir has 777 permission." I stopped reading here. Fix that 1st. /etc/crontab can be used to execute scripts with a user as the one starting it. – Rinzwind Jan 24 '18 at 11:18
  • How does that cause any problem? – ns15 Jan 24 '18 at 11:20
  • @shadow0359 Anyone (any process) can delete your files, for example. – Melebius Jan 24 '18 at 13:58
  • “The log file has midnight rotation and when new file is created,it creates as root owner.” How is the new file created? Or more precisely, who does create it? – Melebius Jan 24 '18 at 14:10
  • 1
    You can configure to run the python script using cron. But to rotate logs preserving www-data as the file owner, check /etc/logrotate.conf and add a block of settings regarding your log file. – M. Dm. Jan 24 '18 at 15:03

3 Answers

1

So you want to have

  • all your crontabs in one place under root
  • execute some python code every 5 minutes
  • execute the script with user www-data

Since su is not available for www-data, as discussed in the comments, one can use sudo instead if it is available on the system. The man page says

sudo, sudoedit — execute a command as another user

In your case this would mean you use

sudo crontab -e

to edit your crontab as user root. Inside crontab, prepend sudo -u www-data to the python command to execute python as user www-data.

*/5 * * * * sudo -u www-data python /my/python/log/script.py
ukos
  • su is not available for www-data. I tried with sudo, but the new file got created with root ownership – ns15 Jan 24 '18 at 11:51
  • I see. Use cat /etc/passwd | grep www-data to see properties of www-data. I would not change that. Can you create a new user like www-log with the command
         adduser --system --no-create-home --disabled-login --ingroup www-data www-log
    and use this one? – ukos Jan 24 '18 at 12:01
  • I want the user to be www-data since other scripts are run by apache – ns15 Jan 24 '18 at 12:03
  • sudo worked for me. sudo -u www-data echo 1 – ukos Jan 24 '18 at 12:06
  • So ownership is www-data in your case? – ns15 Jan 24 '18 at 12:19
  • sudo in cron? Don’t do that. Moreover, there is a straightforward way, see my answer. – Melebius Jan 24 '18 at 14:18
  • The link you posted refers to a sudo operation to become root. If you instead are root, I don't see why this should be a problem. There is no password required – ukos Jan 24 '18 at 15:21
  • @user8162 Another example: https://unix.stackexchange.com/questions/49077/why-does-cron-silently-fail-to-run-sudo-stuff-in-my-script There are more things that can fail. – Melebius Feb 07 '18 at 15:15
  • I still don’t get it. Could you elaborate? – ukos Feb 07 '18 at 22:40
1

More of a workaround, but you could also let your script keep running as root as it is and let the file be created by root. And then just add at the end

 && sudo chown www-data <your Log file>

to finally transfer the ownership of the file to www-data.

(If there are more files, then you are probably also interested in the -R flag for "recursive" to run chown on an entire folder and its content)

derHugo
1

I want to maintain all my cron commands under root user.

To maintain all cron jobs (which can be run as various users) in one place, forget the crontab command and edit the system-wide crontab in the file /etc/crontab instead, or add your own crontab to the directory /etc/cron.d. As you expected, it will require root access.

These files look much like any other crontabs but they include the username column, so you can just specify the target user and do not have to use sudo or such things.

Keep in mind that unlike the command crontab, you are directly editing the system configuration files, so your changes won’t be checked after you exit the editor. So please edit them with enough attention.

Melebius
  • For whatever reason, @shadow0359 wanted to maintain all cron commands under root and not in the user section of crontab or crontab.d. Editing /etc/crontab is not a good idea though. – ukos Feb 05 '18 at 16:42
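
Since edits to /etc/crontab and /etc/cron.d are not checked on save, as the last answer notes, here is a small linter for that format, which puts a username column between the schedule and the command. It is an added example, not code from any of the answers; the function name lint_system_crontab, the sample entries and the set of known users are assumptions made for illustration.

```python
import re

# Constructed sample in /etc/cron.d format (schedule, user, command).
SAMPLE = """\
# constructed example, not taken from a real system
SHELL=/bin/sh
*/5 * * * * www-data python /my/python/log/script.py
*/5 * * * * python /my/python/log/script.py
*/5 * * * * root sudo -u www-data python /my/python/log/script.py
@daily www-data
"""

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
TIME_FIELD = re.compile(r"^[0-9A-Za-z*/,\-]+$")


def lint_system_crontab(text, known_users=None):
    """Return a list of (line_number, message) for suspicious entries."""
    if known_users is None:
        import pwd  # Unix only: fall back to the local account database
        known_users = {p.pw_name for p in pwd.getpwall()}
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        # "@daily"-style nicknames replace the five time fields.
        n_time = 1 if line.startswith("@") else 5
        fields = line.split(None, n_time + 1)
        if len(fields) < n_time + 2:
            findings.append((number, "too few fields: need schedule, user, command"))
            continue
        time_fields, user, command = fields[:n_time], fields[n_time], fields[n_time + 1]
        if n_time == 5 and not all(TIME_FIELD.match(f) for f in time_fields):
            findings.append((number, "malformed time field"))
        if user not in known_users:
            # A user-crontab line pasted here shifts the command into the user column.
            findings.append((number, f"'{user}' is not a known account; user column missing?"))
        elif command.split()[0] == "sudo":
            findings.append((number, "sudo in command; set the user column instead"))
    return findings


if __name__ == "__main__":
    for number, message in lint_system_crontab(SAMPLE, {"root", "www-data"}):
        print(f"line {number}: {message}")
```

Called without a second argument, the function checks the user column against the local account database instead of the constructed set.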