Ubuntu 18.04 上的 cron 作业的身份验证问题

Posted 2023-03-04

【中文标题】Ubuntu 18.04 上的 cron 作业的身份验证问题

【英文标题】：Authentication issue with cron job on Ubuntu 18.04

【发布时间】：2018-11-07 10:56:17

【问题描述】：

我全新安装了 Ubuntu 18.04，但无法让 cron 作业执行脚本。

Crontab -l 包含以下内容：

# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command

SHELL=/bin/bash
PATH=/usr/local/bin:/usr/bin:/user/local/sbin:/usr/sbin:/home/rob/scripts

*/1 * * * * /bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1
0 1 * * * /bin/bash /home/rob/scripts/trimdb.sh
0 1 * * * /bin/bash /home/rob/scripts/sortf.sh

我可以看到 cron 作业在 /var/log/syslog 内的正确时间执行，如下所示：

May 28 21:38:01 net CRON[1899]: (rob) CMD (/bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1)
May 28 21:39:01 net CRON[1915]: (rob) CMD (/bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1)
May 28 21:40:01 net CRON[1931]: (rob) CMD (/bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1)
May 28 21:41:01 net CRON[1947]: (rob) CMD (/bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1)

但是，当我检查 cron 服务时，我可以看到有一个身份验证错误：

May 28 21:46:01 net sudo[2146]: pam_unix(sudo:auth): conversation failed
May 28 21:46:01 net sudo[2146]: pam_unix(sudo:auth): auth could not identify password for [rob]
May 28 21:46:01 net CRON[2134]: pam_unix(cron:session): session closed for user rob
May 28 21:47:01 net CRON[2152]: pam_unix(cron:session): session opened for user rob by (uid=0)
May 28 21:47:01 net CRON[2153]: (rob) CMD (/bin/bash /home/rob/scripts/scan2.sh >> /home/rob/scripts/scan.log 2>&1)
May 28 21:47:01 net sudo[2164]: pam_unix(sudo:auth): conversation failed
May 28 21:47:01 net sudo[2164]: pam_unix(sudo:auth): auth could not identify password for [rob]
May 28 21:47:01 net CRON[2152]: pam_unix(cron:session): session closed for user rob

脚本在手动运行时完美运行。

感谢您的帮助。

scan.log 的内容：

sudo: no tty present and no askpass program specified
/home/rob/scripts/scan2.sh: line 43: grep: command not found
/home/rob/scripts/scan2.sh: line 1: date: command not found
/home/rob/scripts/scan2.sh: line 2: date: command not found
/home/rob/scripts/scan2.sh: line 3: date: command not found
/home/rob/scripts/scan2.sh: line 5: date: command not found
/home/rob/scripts/scan2.sh: line 6: date: command not found
/home/rob/scripts/scan2.sh: line 7: date: command not found
/home/rob/scripts/scan2.sh: line 41: grep: command not found

【问题讨论】：

这是“rob”还是“root”crontab？

你在scan.log中看到了什么有用的东西吗？

这是 rob crontab

将scan.log的内容添加到问题中

听起来您是在要求我们调试 /home/rob/scripts/scan2.sh 而不向我们显示 /home/rob/scripts/scan2.sh 中的代码。

【参考方案1】：

我已经通过以下步骤解决了这个问题：

请检查该用户的密码是否应该过期。

chage -l scfuser

如果过期，请按照以下步骤进行设置：

密码 scfuser

【参考方案2】：

看起来scan2.sh 中的某些东西正在尝试运行sudo，而sudo 需要您的密码进行身份验证。但是，sudo 无法获取您的密码，因为 cron 作业未与终端关联，因此 pam_auth（sudo 用于提示输入密码的库）报告失败。

要解决这个问题，您可以使用sudo -A 和设置为程序名称的$SUDO_ASKPASS 环境变量（它可以只是一个shell 脚本），该程序将提供您的密码。如果您这样做，请确保只有您的 UID 能够读取、写入和运行您的密码提供程序程序。