I need to remove empty files out of a directory that are over 6 hours
old so I created this script and put it in cron.hourly.

#!/bin/sh
cd /var/list
sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;

I want to run it as matt rather than root for just an added bit of
safety. Problem is I get this.

"sudo: sorry, you must have a tty to run sudo"

Is there another way to do this? As I understand the reason for this
is requiretty in sudo config. If that improves security I would
rather not change that setting.

You can disable requiretty for one user also:

https://linuxreference.wordpress.com/2010/11/22/disable-requiretty-in-etcsudoers/

--
Eero

2015-02-12 20:32 GMT+02:00 Matt <matt.mailinglists at gmail.com>:

> I need to remove empty files out of a directory that are over 6 hours
> old so I created this script and put it in cron.hourly.
>
> #!/bin/sh
> cd /var/list
> sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;
>
> I want to run it as matt rather than root for just an added bit of
> safety. Problem is I get this.
>
> "sudo: sorry, you must have a tty to run sudo"
>
> Is there another way to do this? As I understand the reason for this
> is requiretty in sudo config. If that improves security I would
> rather not change that setting.

On Thu, Feb 12, 2015 at 1:32 PM, Matt <matt.mailinglists at gmail.com> wrote:

> I need to remove empty files out of a directory that are over 6 hours
> old so I created this script and put it in cron.hourly.
>
> #!/bin/sh
> cd /var/list
> sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;
>
> I want to run it as matt rather than root for just an added bit of
> safety. Problem is I get this.
>
> "sudo: sorry, you must have a tty to run sudo"
>
> Is there another way to do this? As I understand the reason for this
> is requiretty in sudo config. If that improves security I would
> rather not change that setting.

Can't you just run it from your own crontab and not from root's?

On Thu, Feb 12, 2015 at 1:32 PM, Matt <matt.mailinglists at gmail.com> wrote:

> I need to remove empty files out of a directory that are over 6 hours
> old so I created this script and put it in cron.hourly.
>
> #!/bin/sh
> cd /var/list
> sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;
>

What if you did not use sudo at all? Say in cron.d:

0 * * * * matt /usr/local/bin/deletecrap > /dev/null 2>&1

> I want to run it as matt rather than root for just an added bit of
> safety. Problem is I get this.
>
> "sudo: sorry, you must have a tty to run sudo"
>
> Is there another way to do this? As I understand the reason for this
> is requiretty in sudo config. If that improves security I would
> rather not change that setting.

On Thu, February 12, 2015 12:32 pm, Matt wrote:

> I need to remove empty files out of a directory that are over 6 hours
> old so I created this script and put it in cron.hourly.
>
> #!/bin/sh
> cd /var/list
> sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;
>
> I want to run it as matt rather than root for just an added bit of
> safety. Problem is I get this.
>
> "sudo: sorry, you must have a tty to run sudo"
>
> Is there another way to do this? As I understand the reason for this
> is requiretty in sudo config. If that improves security I would
> rather not change that setting.

Did you try to use su instead? E.g., in my /etc/rc.local I have a bunch of
stuff run on behalf of users other than root. Like:

/bin/su lmgrd -c 'export IDL_DIR=/usr/local/opt/flexlm/idl;/usr/local/opt/flexlm/idl/bin/lmgrd -c /usr/local/opt/flexlm/licenses/license.dat -l /var/log/flexlm/idl.log > /dev/null 2>&1'

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On Thu, Feb 12, 2015 at 12:32:12PM -0600, Matt wrote:

> I need to remove empty files out of a directory that are over 6 hours
> old so I created this script and put it in cron.hourly.

For what it's worth, we no longer have requiretty in the package in
Fedora, so eventually that change will probably make it down to CentOS.
Overall, security benefit vanishingly small and inconvenience high.

I do think that the suggestion of using /etc/cron.d and cron's own user
feature is better in this case, though.

--
Matthew Miller <mattdm at fedoraproject.org>
Fedora Project Leader

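The /etc/cron.d approach suggested in this thread, as an added example that is not part of any poster's message. The script path /usr/local/bin/deletecrap comes from the thread; the function name purge_empty, the cron.d file name and the directory argument are assumptions made for illustration, and GNU find is assumed.

```shell
#!/bin/sh
# Added example. Assumed to be installed as /usr/local/bin/deletecrap and
# scheduled from /etc/cron.d/deletecrap (file name assumed) with the line:
#
#   0 * * * * matt /usr/local/bin/deletecrap /var/list >/dev/null 2>&1
#
# cron switches to user matt before starting the job, so neither sudo nor a
# tty is involved and requiretty can stay enabled in sudoers.

# purge_empty DIR [MINUTES]
# Remove empty regular files in DIR that were last modified more than MINUTES
# ago (default 360 = 6 hours) and are owned by the invoking user.
# Prints each removed path; returns non-zero if DIR is missing or find fails.
purge_empty() {
    dir=$1
    age=${2:-360}
    if [ ! -d "$dir" ]; then
        echo "purge_empty: $dir is not a directory" >&2
        return 1
    fi
    # -xdev    stay on the file system DIR lives on
    # -type f  only regular files: directories and symlinks are left alone
    # -uid     only files owned by whoever runs the job (matt under cron.d)
    # -delete  unlink inside find instead of spawning one rm per file
    find "$dir" -xdev -type f -empty -mmin "+$age" -uid "$(id -u)" \
        -print -delete
}

# Act only when called with a directory argument, as in the cron.d line above.
if [ "$#" -gt 0 ]; then
    purge_empty "$@"
fi
```
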
On Thu, February 12, 2015 12:45 pm, Valeri Galtsev wrote:

>
> On Thu, February 12, 2015 12:32 pm, Matt wrote:
>> I need to remove empty files out of a directory that are over 6 hours
>> old so I created this script and put it in cron.hourly.
>>
>> #!/bin/sh
>> cd /var/list
>> sudo -u matt find /var/list -mmin +360 -empty -user matt -exec rm {} \;
>>
>> I want to run it as matt rather than root for just an added bit of
>> safety. Problem is I get this.
>>
>> "sudo: sorry, you must have a tty to run sudo"
>>
>> Is there another way to do this? As I understand the reason for this
>> is requiretty in sudo config. If that improves security I would
>> rather not change that setting.
>
> Did you try to use su instead? E.g., in my /etc/rc.local I have a bunch of
> stuff run on behalf of users other than root. Like:
>
> /bin/su lmgrd -c 'export
> IDL_DIR=/usr/local/opt/flexlm/idl;/usr/local/opt/flexlm/idl/bin/lmgrd -c
> /usr/local/opt/flexlm/licenses/license.dat -l /var/log/flexlm/idl.log >
> /dev/null 2>&1'
>

As a second thought (which should have been first thought), you may be
able to just add cron job for that user (if that user isn't deprived the
ability to have cron jobs). Assuming you are root, edit that user's
crontab:

crontab -u matt -e

and either put that single long command line in user's crontab (note, you
also need to specify time parameters, take a look into man crontab) or
point to script (which should be readable and executable by that user).

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

>> I need to remove empty files out of a directory that are over 6 hours
>> old so I created this script and put it in cron.hourly.
>
> For what it's worth, we no longer have requiretty in the package in
> Fedora, so eventually that change will probably make it down to CentOS.
> Overall, security benefit vanishingly small and inconvenience high.

https://bugzilla.redhat.com/show_bug.cgi?id=1020147#c9

Surprised it's still in CentOS 7 actually.

> I do think that the suggestion of using /etc/cron.d and cron's own user
> feature is better in this case, though.