How does cron know that it is supposed to source your ~/.bash_profile?
You are exporting variables that might not have any value assigned to it, when it runs as a cronjob.
Assign the values you have in ~/.bash_profile or source your ~/.bash_profile.
Hi all,
I have a main script (called OracleCleanup) that runs some sql queries. that runs off a wrapper script which contains the sources for the login information and and JOB_HOME (the script is below). When I schedule this job in the cron the log says that it cannot open my list file, which... (4 Replies)
I want to create an automated script which is called by another maually executed script.
The condition is that the no one should be able to manually execute the automated script.
The automated script can be on the same machine or it can be on a remote machine.
Can any one suggest a check in the... (1 Reply)
I am trying to run a sript on cron to SFTP data to a company. Private and public keys are set up.
When I run this manully it works fine, however it was failing when run on cron. I have narrowed down the problem - it fails at the code that says if the error code is 0 then continue
. . . I... (2 Replies)
My shell script runs fine both as a cron job and when i issue it.
However, I wish to differentiate when it runs as a cron-job so the "echo" statements are not issued (they get mailed to me, which i don't want).
I tried checking $USER but since the cron was created in my user that does not... (5 Replies)
Hey all,
Just wanted to get some input on a script I am using to import files into a MySQL database.
The process is pretty simple: my main server exports these files and FTPs them. I have a script that FTPs them to the machine running that runs this script. The FTP script runs without issue... (2 Replies)
Hi,
The following shell script runs without any problem when executed manulally.
USED=$(df -h /arch | tail -1 | awk '{print $5}' | cut -d '%' -f 1)
if
then
find /arch/AUBUAT/ -type f -mtime +0 | xargs rm
find /arch/AUBMIG/ -type f -mtime +0 | xargs rm
fi
But the same gives below... (6 Replies)
Hello Every one,
I have a shell script which is running fine manually, but its giving me hard time when running tru cron job. :wall:.
Am using #!/usr/bin/ksh
>echo $SHELL
/usr/bin/ksh
Cron Job is as below, it execues but dosent do what i want it to do.
47 15 * * *... (1 Reply)
Hi,
My shell script not getting called through cron job.
The same works fine when executed manually.
I tried to generate logs to find if the scripts has some errors related to path using following command- trying to execute .sh file every 5 mins:
*/5 * * * * /home/myfolder/abc.sh... (17 Replies)
I get a different output when i manually run the .sh script and when it is run by a cron job. Please help me ..
TMP1="/lhome/bbuser/script/wslog/sar.t1"
TMP2="/lhome/bbuser/script/wslog/sar.t2"
TMP3="/lhome/bbuser/script/wslog/sar.t3"
OUTPUT="/lhome/bbuser/script/wslog/sar.out"... (8 Replies)
Hello gurus,
I am making what I think is a simple db2 call from within a shell script but I am having difficulty producing the desired
report when I run the script shown below from a shell script in cron. For example, my script and the crontab file setup
is shown below:
#!/bin/ksh
db2... (3 Replies)
Discussion started by: okonita
3 Replies
LEARN ABOUT CENTOS
cronjob_selinux
cronjob_selinux(8) SELinux Policy cronjob cronjob_selinux(8)NAME
cronjob_selinux - Security Enhanced Linux Policy for the cronjob processes
DESCRIPTION
Security-Enhanced Linux secures the cronjob processes via flexible mandatory access control.
The cronjob processes execute with the cronjob_t SELinux type. You can check if you have these processes running by executing the ps com-
mand with the -Z qualifier.
For example:
ps -eZ | grep cronjob_t
ENTRYPOINTS
The cronjob_t SELinux type can be entered via the user_cron_spool_t, shell_exec_t file types.
The default entrypoint paths for the cronjob_t domain are the following:
/var/spool/at(/.*)?, /var/spool/cron, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/zsh.*, /usr/bin/ksh.*, /bin/esh,
/bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/sash, /usr/bin/tcsh, /usr/bin/yash,
/usr/bin/fish, /usr/bin/mksh, /usr/bin/bash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly,
/usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell
PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
You can see the context of a process using the -Z option to ps
Policy governs the access confined processes have to files. SELinux cronjob policy is very flexible allowing users to setup their cronjob
processes in as secure a method as possible.
The following process types are defined for cronjob:
cronjob_t
Note: semanage permissive -a cronjob_t can be used to make the process type cronjob_t permissive. SELinux does not deny access to permis-
sive process types, but the AVC (SELinux denials) messages are still generated.
BOOLEANS
SELinux policy is customizable based on least access required. cronjob policy is extremely flexible and has several booleans that allow
you to manipulate the policy and run cronjob with the tightest access possible.
If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
default.
setsebool -P deny_ptrace 1
If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.
setsebool -P domain_fd_use 1
If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
default.
setsebool -P domain_kernel_load_modules 1
If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.
setsebool -P fips_mode 1
If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.
setsebool -P global_ssp 1
If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.
setsebool -P nis_enabled 1
MANAGED FILES
The SELinux process type cronjob_t can manage files labeled with the following file types. The paths listed are the default paths for
these file types. Note the processes UID still need to have DAC permissions.
user_home_t
/home/[^/]*/.+
user_tmp_t
/var/run/user(/.*)?
/tmp/hsperfdata_root
/var/tmp/hsperfdata_root
/tmp/gconfd-.*
COMMANDS
semanage fcontext can also be used to manipulate default file context mappings.
semanage permissive can also be used to manipulate whether or not a process type is permissive.
semanage module can also be used to enable/disable/install/remove policy modules.
semanage boolean can also be used to manipulate the booleans
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was auto-generated using sepolicy manpage .
SEE ALSO selinux(8), cronjob(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)cronjob 14-06-10 cronjob_selinux(8)