How to run a cron job using the sudo command
I won't get into how much this is a bad idea; simply put, running sudo
in crontab requires your password to be stored somewhere in plaintext.
It's a bad idea.
The following is the preferred method of running administrative tasks through cron. Since you don't really need to write sudo
in the crontab, if you are modifying root's crontab.
Use root's crontab
Run the following command:
sudo crontab -e
This opens up root
's crontab. sudo
is not necessary to run your command in this context, since it'll be invoked as root
anyway.
Therefore, you would simply append the following to root's crontab.
@hourly rm somefile
Now, if you absolutely want to be unsafe and take risks with your password, the following will run your command from your own crontab, and enter your password automatically when prompted by sudo
.
Again, this is not recommended.
In your own crontab, write your command like so:
@hourly echo "password" | sudo -S rm somefile
The obvious disadvantage here is that, should anyone ever access your crontab, your password will be readable in plaintext.
You shouldn't do this.
If you are putting the script from one of the cron directories (/etc/cron.*
) then you don't need to use sudo as that is running as root.
If you are using crontab, then you will want to use root's crontab. This will run it as root, and also not need sudo.
sudo crontab -e
Run following command in terminal
sudo visudo
Added the following line to the end of the file:
vidyadhar ALL= NOPASSWD: /bin/rm
In the above example vidyadhar is the username and it will not ask for password if you are running rm command through vidyadhar.
Sometimes it is necessary for root to execute a command as a specific user of the system. For example, with borgbackup, it is common to have root check the warehouse using the borg user. if the task must be executed once a day, we will use the /etc/cron.daily folder, like that:
# cat /etc/cron.daily/borgbackup_check
#!/bin/bash
sudo -u borg borg check /borgbackup >> /var/log/borgbackup.log
where "-u borg" is used take the identity of the borg user, "borg" is the borg command and "/borgbackup" is the wharehouse.