possible bug... cron job related

Discussion in 'General' started by manarak, Dec 20, 2010.

  1. manarak

    manarak Member

    I tried to setup an cronjob, and apparently it doesn't work.

    I searched a bit in the logs and found the following three lines is auth.log:

    server2 usermod[17924]: change user 'web7' home from '/var/www/clients/client2/web7' to '/var/www/clients/client2/web7/./var/www/clients/client2/web7'

    server2 usermod[17924]: change user 'web7' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'

    server2 usermod[17924]: change user 'web7' home from '/var/www/clients/client2/web7/./var/www/clients/client2/web7' to '/var/www/clients/client2/web7/./home/web7'

    looks very strange to me

    then a bit later:

    server2 jk_chrootsh[22742]: path /var/www/clients/client2/web7/./home/web7 is not owned by user 5008

    server2 jk_chrootsh[22742]: path /var/www/clients/client2/web7/./home/web7 is not owned by group 5005

    server2 jk_chrootsh[22742]: abort, path /var/www/clients/client2/web7/./home/web7 is not owned by 5008
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Moved your post to ispconfig 3 forums.

    The lines above are ok. You enabled chrooting for the user and the lines are the usermod changes required for a chrooted enviroment.

    Cronjobs are working fine in ispconfig, so it dont think you found a bug. Most likely you try to execute a command which is not inside the jail.
  3. manarak

    manarak Member


    why do the error messages then appear?

    the cron job should just execute a php file situated in the webroot of web7.

    what's wrong?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    These are just notices from the jail creation script. They are ok.

    When you use a jailed cronjob, then all apps that you want to execute have to be in the jail. The php binary is not in the jail, so executing a php file with /usr/bin/php /path/to/my/file.php will not work.

    There are several possible solutions:

    a) When you want to use a jail, then use a command that is available inside the jail like wget to execute the php. The php script has to be put in the web dir so that wget can fetch it with a http url.

    b) install php into the jail. Thats a bit complicated as php jhas a lot of dependencies. You might want to consult the jailkit doczúmentation if you like to do this.

    c) Do not enable jails for thsi website. But thats not as secure as all system commands and files that can be accessed by a normal not jailed shell user are accessible by the cronjob.
  5. manarak

    manarak Member


    I didn't make a conscious choice of using a jail or not, I just setup a cron job in the ISPconfig panel.

    So I am a bit lost regarding the cron jobs.
    Is it enough to create a cron job by writing something similar to
    /usr/bin/php /var/www/clients/client2/web7/web/myscript.php

    Or are there other things to do for this to work?

    Another question:
    would the creation of that cronjob cause /etc /usr /bin /var directories to appear in the user's directory under client/web7 ?
    Last edited: Dec 20, 2010
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The cronjob limits are set in the client settings and get applied automatically to all websites that belong to that client.

    This will work if the cronjob is not jailed.

    If its a jailed cronjob, then yes. Otherwise, no.

    The main problem now might be that a website can not unjailed by simply changing the client settings, as the jail creation affects the whole setup of the website. So even if you want to unjail the site, you should first set the "max type of cronjobs" setting in the client limits to full cron. Then edit the /etc/passwd file and change the shell of the web7 user from /usr/sbin/jk_chrootsh back to /bin/false and change the path from /var/www/clients/client2/web7/./var/www/clients/client2/web7 back to /var/www/clients/client2/web7
  7. manarak

    manarak Member

    *scratch head*
    you need to make this simpler

    currently, the client is set at URL cron and max cron 0 (default settings)
    => I have no idea if the cronjob is jailed, but since the directories appeared, I guess it is jailed?
    => max cron = 0, will this prevent the cron job from being executed?
    (it could be useful to display the settings in the cron screen)

    Sooo... but since the Cron is jailed, you say that
    /usr/bin/php /var/www/clients/client2/web7/web/myscript.php
    will not work.

    So I should set the client to "Full cron" with a sufficent limit, right?
    Last edited: Dec 20, 2010
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you have to set it to full cron as I wrote in my post above. The "max cron" number says only how many cronjobs the client is allowed to create.
  9. webtalk

    webtalk New Member

    I think you can use mailto to verify jobs functionality or execute some sort of script that gives you alert on failure or success.

    here is a post on cron jobs to know more about cron thing and have a look at ispconfig manuals
  10. falko

    falko Super Moderator ISPConfig Developer

  11. manarak

    manarak Member

    just as an idea, it could be useful to have a cron screen for the server admin, separate from the user crons.
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The administrator can see all cronjobs of the clients when he clicks on cron in the sites module.
  13. manarak

    manarak Member

    yes, I meant a screen where the server admin can setup cron jobs on server level independently of client's settings.

    i.e. for admin to run his own crons under root user
    Last edited: Mar 5, 2011

Share This Page