How to run a cron job using the sudo command
Solution 1
I won't get into how much this is a bad idea; simply put, running sudoin crontab requires your password to be stored somewhere in plaintext.
It's a bad idea.
The following is the preferred method of running administrative tasks through cron. Since you don't really need to write sudo in the crontab, if you are modifying root's crontab.
Use root's crontab
Run the following command:
sudo crontab -e
This opens up root's crontab. sudo is not necessary to run your command in this context, since it'll be invoked as root anyway.
Therefore, you would simply append the following to root's crontab.
@hourly rm somefile
Now, if you absolutely want to be unsafe and take risks with your password, the following will run your command from your own crontab, and enter your password automatically when prompted by sudo.
Again, this is not recommended.
In your own crontab, write your command like so:
@hourly echo "password" | sudo -S rm somefile
The obvious disadvantage here is that, should anyone ever access your crontab, your password will be readable in plaintext.
You shouldn't do this.
Solution 2
If you are putting the script from one of the cron directories (/etc/cron.*) then you don't need to use sudo as that is running as root.
If you are using crontab, then you will want to use root's crontab. This will run it as root, and also not need sudo.
sudo crontab -e
Solution 3
Run following command in terminal
sudo visudo
Added the following line to the end of the file:
vidyadhar ALL= NOPASSWD: /bin/rm
In the above example vidyadhar is the username and it will not ask for password if you are running rm command through vidyadhar.
Solution 4
Sometimes it is necessary for root to execute a command as a specific user of the system. For example, with borgbackup, it is common to have root check the warehouse using the borg user. if the task must be executed once a day, we will use the /etc/cron.daily folder, like that:
# cat /etc/cron.daily/borgbackup_check
#!/bin/bash
sudo -u borg borg check /borgbackup >> /var/log/borgbackup.log
where "-u borg" is used take the identity of the borg user, "borg" is the borg command and "/borgbackup" is the wharehouse.
Related videos on Youtube
12 : 47
18 : 51
05 : 21
sayem siam
Updated on September 18, 2022Comments
-
sayem siam 3 months
-
Admin over 10 yearsWelcome Sayem Siam, Have a look at the answers to this question askubuntu.com/questions/2368/how-do-i-setup-cron-job. as I think your question has been asked before here on AU -
Admin over 10 yearsI am trying to execute sudo which needs password but how can i giv password from cron file
-
Admin about 9 years@sayemsiam you don't need to put sudo, just edit the root crontab.
-
Admin almost 5 yearsSee this answer.
-
-
SirCharlo over 10 yearsHmm.. Then any malicious command, likesudo rm -rf 'slash'(don't run that command), run from that user, would require no password.. I don't know, it feels unsafe, no? -
Vidyadhar over 10 yearsYa i know it. Your approach is good. But I am using above approach for giving rights to other user to stop/start certain services. -
SirCharlo over 10 yearsGlad it works! Just be wary of any security holes you leave behind.. They might come back later to haunt you.
-
Eliah Kagan over 10 years@SirCharlo Why useroot's user crontab instead of the systemwide crontab/etc/crontab? -
SirCharlo over 10 years@Elijah why not?
-
John S Gruber over 10 yearsI would also place the command in /etc/cron.hourly/something. That's what these directories are for. -
tgm4883 over 10 yearsNo. You could put it in /etc/cron.SOMETHING/SCRIPT, but I wouldn't do both. Both would give roughly the same function, although using crontab you would have a bit more power over how often/when things run. -
John S Gruber over 10 yearsI should have made clear that I meant that as an alternative. Thanks.
-
Wernfried Domscheit over 6 yearsMaybevidyadhar ALL= NOPASSWD: /bin/rm somefilewould be more secure. -
brent almost 5 yearsThis answer misses the mark because it glosses over the subtleties available in yoursudoersfile, like sudo groups without a password requirement. -
R J over 4 yearsThis is a terrible idea. You gave blanket sudo permissions to rm. Instead, give sudo permissions to a script your comand, including rm or others in that script, make it executable, then give sudo permissions to that script.<username> ALL=(ALL) NOPASSWD: /home/<username>/bin/<script>, which would be much safer. -
Nasser Mansouri over 4 yearsvery very useful point, thanks for great help.
-
Admin about 4 yearsThis is not "an extremely bad idea", please stop with the useless hyperbole. Obviously giving a user the same amount of power as root will make it just as dangerous as root. This is perfect for a dedicated backups user, or other user account whos access is as tightly controlled as root.
-
Lorenzo about 1 yearRoot's crontab is the best solution, it's explicitly for commands that require sudo so I don't see why you would even want to put your password in clear text whatsoever.