Cron job will run via shell but not the user account

Luke Jones

• November 13, 2018 09:35

Hi All hope you can help i have hit a bit of a confusing issue. I have a cron job setup on a user that does not seem to run, if I apply shell access to the user then the cron will run fine however with jailed shell or no shell it will not run. The same cron is in place on other users without shell access and runs fine on another server. Both servers run on the same ESXi platform with the same configuration of virtual hardware I have checked file permissions to ensure they match, as well as server configuration for pretty much everything i can think of, both servers are on v76.0.6 If i manually edit the cd /var/spool/cron/USERNAME file and exchange the line: SHELL="/usr/local/cpanel/bin/jailshell" for: SHELL="/bin/bash" this allows the cron to run however as soon as this is updated via cPanel this line reverts and the cron ceases to work again Any help would be greatly appreciated.

• 

  cPanelLauren

  • November 14, 2018 17:42

  Hi @Luke Jones Can you provide an idea of what the cron is doing? You could even add it here just remove anything account specific. Also would it be possible to provide some information on the system you're running (OS, cPanel version, PHP version etc.)? Thanks!

  0
• 

  Luke Jones

  • November 15, 2018 14:57

  System information: $ uname -a Linux XXXXXXXXRedactedXXXXXXXX 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core)
$ df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 843G 289G 520G 36% / devtmpfs 7.8G 0 7.8G 0% /dev tmpfs 7.8G 4.0K 7.8G 1% /dev/shm tmpfs 7.8G 814M 7.0G 11% /run tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup tmpfs 1.6G 0 1.6G 0% /run/user/1317
  The server has php 5.6, 7.0 and 7.2 installed however this user is using 7.0 (have tested this with 7.2 with the same issue) The cron: 30 * * * * /usr/local/bin/php /home/USER/public_html/includes/cron/cron.php ecommerce.php
  Contents of cron.php: URI = 'CRON'; // Get Languages if(!$_SESSION[$Website->DB]->Languages) { $Languages = new Language(); $Languages->GetRecords(); $_SESSION[$Website->DB]->Languages = array(); foreach($Languages->Items as $Language) { $Key = reset(explode('_',$Language->Code)); if($Language->IsDefault) { $_SESSION[$Website->DB]->DefaultLanguage = $Key; } $Language->GetPhrases(); $_SESSION[$Website->DB]->Languages[$Key] = $Language; } unset($Languages); } // Process CRON $Website->ProcessCRON($argv[1] ? $argv[1] : $_GET['File'>); // Unset Website & Database unset($Website,$Databases); ?>
  Contents of ecommerce.php: Language = $_SESSION[$this->DB]->Languages[$_SESSION[$this->DB]->DefaultLanguage]; $this->Products = new Product(); $Directory = __DIR__.'/ecommerce/'.($argv[1] ? 'php' : 'curl').'/'; $Files = scandir($Directory); echo "\n".'Ecommerce CRON Started...'."\n\n"; foreach($Files as $File) { if(substr($File,-4) === '.php') { $ExecutionTimes = explode(',',$this->Products->Config->CRON->$File); if($ExecutionTimes && in_array(date('H'),$ExecutionTimes)) { require($Directory.$File); echo 'CRON Complete: "'.$File.'"'."\n"; } elseif(!array_filter($ExecutionTimes)) { echo 'No Execution Time(s) Set For: "'.$File.'"'."\n"; } } } ?>
  

  0
• 

  cPanelLauren

  • November 15, 2018 15:25

  Hi @Luke Jones Thank you so much for all the information! This is really helpful. Two things: 1. Can you tell me which PHP handler you're using? 2. Can you show me the output when you run the cron manually (as the user) with and without JailShell enabled? Thanks!

  0
• 

  cPanelLauren

  • November 15, 2018 15:30

  Hi @Luke Jones Another thing that just came to my attention. You noted the following:

  If i manually edit the cd /var/spool/cron/USERNAME file and exchange the line

  
  How are you editing? Can you confirm that /var/spool/cron/$user is owned by user:user? Thanks!

  0
• 

  Luke Jones

  • November 15, 2018 15:45

  Hi cPanelLauren, The php Handlers are all set to cgi however the system is configured using PHP-FPM which i believe is used instead? When running the cron manually with full shell access it prints to the screen and it then pauses there for a while whilst the database is populated (i am dumping the table contents in between tests currently for testing purposes so can see all the new entries) before returning to the prompt. When running as the cron instead of manually via shell it sends the email to. $ /usr/local/bin/php /home/USER/public_html/includes/cron/cron.php ecommerce.php Ecommerce CRON Started... $
  When shell access is set to jailed shell it does nothing. $ /usr/local/bin/php /home/USER/public_html/includes/cron/cron.php ecommerce.php $
  Nothing on the screen just straight to the prompt again and when running as the cron instead of manually via shell no email. Regards

  0
• 

  Luke Jones

  • November 15, 2018 15:51

  All files in /var/spool/cron/ look to be owned by root:root $ cd /var/spool/cron/ $ ls -al -rw-------. 1 root root 215 Nov 15 16:41 USER
  I did most of the editing via the user cPanel account. It was only after finding that it ran via shell with full access that I compared the file using VIM with the account set to full shell and then again set to jailed shell and disabled shell. I edited it to give it the full shell access after setting the user back to disabled shell to try and make the account as secure as I could whilst implementing the "/bin/bash" entry to allow the cron to run as a temporary work around

  0
• 

  cPanelLauren

  • November 15, 2018 19:39

  Is anything added to the php-fpm error logs? You can find them at /opt/cpanel/ea-php70/usr/var/log/php-fpm/error.log
  

  0

Please sign in to leave a comment.