Home » Questions » Computers [ Ask a new question ]

How to use crontab to run a script as nobody

How to use crontab to run a script as nobody

This is on a CentOS machine. I'm trying to run a script as user nobody (or as a user with minimal permissions) at a certain time every day. Here is nobody:

Asked by: Guest | Views: 285
Total answers/comments: 2
Guest [Entry]

"I'm guessing you are posting the contents of crontab -e or crontab -l?

This is the crontab file beloning to user ""root"", and that file does not support specifying a user to run the command as (as it's generally a file used for scheduling personal jobs).
Look at /etc/crontab instead which is the system-wide crontab and has an additional field: the user field. Try adding a line like this to /etc/crontab:

15 17 * * * nobody /usr/local/bin/bashscript.sh"
Guest [Entry]

"Actually clawspoon lead me to the answer, but let me create my own, more complete answer so it can float to the top.

I don't know how common it is, but some online Ubuntu documentation says that /etc/crontab can be overwritten upon upgrade, and the preferred solution is to create a file called /etc/cron.d/anything (where anything can be, well, anything. Any filename)

I've created a file called /etc/cron.d/nobody and I'm putting the scripts to run as a non-privileged user. example lines:

# run the following every day at 01:02 AM
02 01 * * * nobody /usr/local/bin/script-to-run-as-nobody.sh

I've put a comment in root's crontab for others to follow, as day to day crontab jobs are currently all being run from there. Not exactly the best practice.

Also, for testing purposes, I need to first run the job via the command line. since I have sudo privlages, I use:

$ sudo -u root sudo -u nobody /usr/local/bin/script-to-run-as-nobody.sh

If that script needs to output to /dev/stderr or /dev/stdout, then do the following:

$ chmod o+w /dev/ttyp1

and do a:

$ chmod o-w /dev/ttyp1

when you are finished testing to prevent just anyone from sending junk to your terminal screen. (the actual terminal you are using may differ from /dev/tty1, so do a $ ls -ltr /dev/tty*|grep username to find out which one is yours)."