gpg on cron task

Henry Hertz Hobbit hhhobbit7 at netscape.net
Tue Feb 7 05:10:23 CET 2006 

"enediel gonzalez" <enediel at hotmail.com> wrote:

> Hello:
> 
> I use debian sarge and I need to encrypt and decrypt
> automatically backup files using gpg
>
> I created a php script will the whole procedure, which
> includes the following declaration
>
> <?php
>  .......
>
>
> $str_execute = "cd /tmp/backup && \
> /bin/echo apassword | /usr/bin/gpg -se \
> --passphrase-fd 0 -r enediel at hotmail.com \
> /tmp/backup/$filename";
>  exec($str_execute);
>
>?>
>
> enediel at hotmail.com is included into the trusted
> chain for the root user.
>
> When I execute the script manually as root, I
> obtain the encrypted file, but if I put the same
> script as a cron's task, the whole script works
> perfectly except the encryption process, and I not
> receive any error.
> 
> I'll appreciate if somebody help me with that,
> basically what I need is to encrypt and decrypt
> specific files automatically using gpg.
>
> Thanks in advance for any answer
> Enediel
> Linux user 300141
> Debian GNU/Linux

First, I question why you are doing this as root rather than
as a normal user, since you can make it for a normal user to
use cron.  I also don't like php (would prefer Korn Shell or
PERL), but since you say it works interactively we will drop
that for a while (we will come back to it).

1. When you do a (without the quotes), "crontab -l" how does
   the entry show up?  What I am getting at is WHERE DOES THE
   OUTPUT OF STDOUT AND STDERR go?  This can reveal a lot.  I
   ALWAYS log the stdout and stderr to cron log file.

2. I am also assuming you have cron turned on.  If you do a
   "ps -eadf | grep cron" and you don't have a crond showing,
   then cron isn't running.  You will have to activate it.
   More than one version of Linux (I haven't used Debian
   since it has never installed on my hardware - too new)
   doesn't have cron on and depends on anacron for everything.

3. Okay, we have come back to it.  One of the very first things
   I do on a Linux box I am setting up is to find all of the dirs
   in the $PATH, and then I go change /etc/profile to HARD SET the
   dirs in the $PATH in the order I want them.  This always puts
   the following  dirs first:  /usr/local/sbin:/usr/local/bin
   with the other dirs in the order that they should be in. The
   problem is, a cron'd job invariably does NOT get the full
   path since /etc/profile is NOT guaranteed to be sourced.
   Since it looks like your script is using the full path for
   all of the commands executed this is probably not a problem.
   I am just warning you - it CAN be a problem.

4. In addition to the PATH environment variable, there
   are a LOT of other environment variables that frequently
   don't get set by a cron job, that are set in a shell.
   A simple shell script that is run interactively, then
   via cron can show anything that is different by having
   both doing an env to a file.  For that matter, it can
   show whether or not cron is working (start with something
   simpler first).  You didn't say whether you have tons of
   other stuff working with cron(I am assuming you do). I
   still would be a lot happier with either a Bourne shell
   script (run with either bash or ksh).

What I suspect is one of the environment variables that are
there in interactive mode are not there in cron.  Most notably
something that should be specified with the "--homedir ..."
option.

HHH


__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

More information about the Gnupg-users mailing list