How do I run a command as a different user from a root cronjob?

33,779

Solution 1

su --shell=/bin/bash --session-command="/path/to/command -argument=something" username &

Works for me (CentOS)

Solution 2

Use su instead of sudo:

su -c "rsync ..." apache

Solution 3

By default on RHEL, sudo isn't allowed for processes without a terminal (tty). That's set in /etc/sudoers.

You can allow tty-less sudo for particular users with these instructions:

https://serverfault.com/questions/111064/sudoers-how-to-disable-requiretty-per-user

Solution 4

If you want to permanently enable you to fiddle around as apache:

chsh apache

this allows you to change the shell for the user

Solution 5

place it in /etc/crontab and specify apache instead of root in the user field

Share:
33,779

Related videos on Youtube

rob
Author by

rob

Updated on July 09, 2022

Comments

  • rob
    rob almost 2 years

    I seem to be stuck between an NFS limitation and a Cron limitation.

    So I've got root cron (on RHEL5) running a shell script that, among other things, needs to rsync some files over an NFS mount. And the files on the NFS mount are owned by the apache user with mode 700, so only the apache user can run the rsync command -- running as root yields a permission error (NFS being a rare case, apparently, where the root user is not all-powerful?)

    When I just want to run the rsync by hand, I can use "sudo -u apache rsync ..." But sudo no workie in cron -- it says "sudo: sorry, you must have a tty to run sudo".

    I don't want to run the whole script as apache (i.e. from apache's crontab) because other parts of the script do require root -- it's just that one command that needs to run as apache. And I would really prefer not to change the mode on the files, as that will involve significant changes to other applications.

    There's gotta be a way to accomplish "sudo -u apache" from cron??

    thanks! rob

    • Robert Deml
      Robert Deml almost 15 years
      Might be better served by moving this to SuperUser.com.
    • BryKKan
      BryKKan over 6 years
      This is an old question, but still found it pretty high in search ranks, and none of the answers address why root permissions didn't apply to the NFS mount. For anyone else stumbling on this, the reason is root_squash. This blog has a pretty decent explanation for why that option is necessary and usually set by default. fullyautolinux.blogspot.com/2015/11/…
  • rob
    rob almost 15 years
    Yes! But no. The apache user does not have a regular login shell, so the su -c syntax only returns "This account is currently not available". And altering the apache user's passwd entry for this purpose seems like a bad idea. Hm, I guess this question should be titled "How do I run a command as the apache user from a root cronjob?" And maybe it can't be done without introducing security holes?
  • Jukka Matilainen
    Jukka Matilainen almost 15 years
    Does it help if you explicitly specify the shell to be used with the -s switch (for example -s /bin/sh)? At least on Ubuntu this seems to help if the user in question does not have a valid shell in /etc/passwd.
  • Steve Tauber
    Steve Tauber almost 12 years
    I had to add export TERM=xterm; before my command inside the --session-command variable. Thus, I ended up with su --shell=/bin/bash --session-command="export TERM=xterm; /path/to/command -argument=something" username &
  • Lambart
    Lambart over 10 years
    Does not work on Ubuntu (12.04) as the su command doesn't support the --session-command option.
  • NoelProf
    NoelProf over 10 years
    to clarify the answer, in root's crontab, add the su --shell=/bin/bash --session-command="/path/to/command -argument=something" username