181

I have few crontab jobs that run under root, but that gives me some problems. For example all folders created in process of that cron job are under user root and group root. How can i make it to run under user www-data and group www-data so when i run scripts from my website i can manipulate those folders and files?

My server runs on Ubuntu.
Current crontab job is: 

*/1 * * * * php5 /var/www/web/includes/crontab/queue_process.php >> /var/www/web/includes/crontab/queue.log 2>&1
the Tin Man
  • 150,910
  • 39
  • 198
  • 279
arma
  • 3,974
  • 10
  • 42
  • 59

5 Answers5

352

Instead of creating a crontab to run as the root user, create a crontab for the user that you want to run the script. In your case, crontab -u www-data -e will edit the crontab for the www-data user. Just put your full command in there and remove it from the root user's crontab.

Mike
  • 7,564
  • 5
  • 30
  • 43
  • 59
    It works the same way when you use `crontab -e` as a specific user. – kulak Apr 27 '14 at 11:19
  • 7
    But will this crontab be checked at system start-up or only when the user logs in? – Bruno Finger Mar 30 '15 at 12:42
  • 11
    `cron` on *nix systems doesn't require a user to login in order to run the jobs specified in a specific user's crontab. – Mike Mar 30 '15 at 13:45
  • 2
    Will this also set the group id as the OP asked? What if the group one wants is different from the user's primary group? – askyle Mar 31 '15 at 09:59
51

EDIT: Note that this method won't work with crontab -e, but only works if you edit /etc/crontab directly. Otherwise, you may get an error like /bin/sh: www-data: command not found

Just before the program name:

*/1 * * * * www-data php5 /var/www/web/includes/crontab/queue_process.php >> /var/www/web/includes/crontab/queue.log 2>&1
Pamela
  • 507
  • 6
  • 20
Christian Nowak
  • 896
  • 5
  • 5
  • That would make it run as apache user witch is www-data right? – arma Dec 12 '11 at 14:23
  • 20
    Note that this method won't work with `crontab -e`, but only works if you edit `/etc/crontab` directly. Read the comment at the top of this file for more information. – imgx64 Jun 11 '13 at 18:23
  • 5
    The user can only be specified in the system crontab – James Roth Jun 26 '13 at 14:39
  • I have a few jobs on schedule on system crontab. When I do `sudo crontab -e`, I see the jobs. But I open the file `/etc/crontab` there are no jobs. Is this weird? Also if I `sudo crontab -e` and add a job with user specified, will it work? – eNeMetcH Jun 01 '16 at 15:56
14

Since you're running Ubuntu, your system crontab is located at /etc/crontab.

As the root user (or using sudo), you can simply edit this file and specify the user that should run this command. Here is the format of entries in the system crontab and how you should enter your command:

# m h dom mon dow user  command
*/1 * * * * www-data php5 /var/www/web/includes/crontab/queue_process.php >> /var/www/web/includes/crontab/queue.log 2>&1

Of course the permissions for your php script and your log file should be set so that the www-data user has access to them.

pymkin
  • 3,904
  • 1
  • 19
  • 17
  • I thought this should be equivalent to `crontab -e` though; but not. – zinking Apr 15 '14 at 00:30
  • 6
    The Ubuntu docs have recommended not editing /etc/crontab as it can be overwritten by updates. crontab -e will create a user-specific cron file in /var/spool/cron/crontabs. – Hemm Sep 13 '14 at 22:43
9

Mike's suggestion sounds like the "right way". I came across this thread wanting to specify the user to run vncserver under on reboot and wanted to keep all my cron jobs in one place.

I was getting the following error for the VNC cron:

vncserver: The USER environment variable is not set. E.g.:

In my case, I was able to use sudo to specify who to run the task as.

@reboot sudo -u [someone] vncserver ...
Oliver Moran
  • 4,849
  • 3
  • 28
  • 44
  • 1
    I got this message on the logs: `sudo: sorry, you must have a tty to run sudo` – Renato Gama Jun 22 '15 at 15:37
  • @renatoargh You are probably running on RedHat. Take a look at [this answer](http://unix.stackexchange.com/questions/122616/why-do-i-need-a-tty-to-run-sudo-if-i-can-sudo-without-a-password) on Unix.SE. – kaiser Oct 15 '15 at 12:59
9

You can also try using runuser (as root) to run a command as a different user

*/1 * * * * runuser php5 \
            --command="/var/www/web/includes/crontab/queue_process.php \
                       >> /var/www/web/includes/crontab/queue.log 2>&1"

See also: man runuser

Russell E Glaue
  • 1,472
  • 12
  • 9
  • `runuser` is not included in Ubuntu. – Raptor Jul 26 '16 at 04:17
  • 1
    runuser is in the latest version of Ubuntu. There are also alternatives to runuser as discussed in this answer http://unix.stackexchange.com/questions/169441/ubuntu-runuser-command , e.g. su, and sudo. – Russell E Glaue Jul 26 '16 at 19:28