fcron

The package fcron 1 is integral part of IPFire and it controls the job scheduling of the system.

Tutorial on how to configure fcron to run custom scripts

This section was lifted from a post in IPFire forum 2, with slight modifications.

This tutorial follow the approach of setting up a separate user, here called fcronuser, and use it for running scripts, including those that require root permissions. This keeps the custom scripts separated from the system scripts to prevent any loss during an IPFire update.

  1. Create a non-login system user with the following command:
    useradd -r -U -d / -s /bin/false -c "non root fcrontab user" fcronuser.
    Explanation for the switches:
    -r specifies that it is a system user;
    -U tells it to also create a group with the same name;
    -d defines the home directory as /, although no home directory is created for system users it is specified in the passwd file;
    -s defines the login shell, in this case /bin/false means the user cannot log in;
    -c is a comment about the user. It can be any string you want.

fcronuser is a logical name but it can be whatever you want, as long as it is not already in use.

If you need a place for your scripts, it is a good idea to ommit the -d switch and set the -m switch instead. That will create a directory /home/fcronuser where you can put the scripts into. Take a look at the example under step 4 i.e.

The entry in the /etc/passwd file should look something like: 

`fcronuser:x:998:998:non root fcrontab user:/:/bin/false`

If you have set the -d switch. In case of setting the -m switch instead, it will look like:

`fcronuser:x:998:998:non root fcrontab user:/home/fcronuser:/bin/false`

The uid and gid will be dependent on what other users are already created on your system.

  1. Create a sudoers file for the fcronuser in /etc/sudoers.d/. It can be called whatever you want but the simplest is to name it the same as the user, therefore fcronuser contents should be:
## Allow fcronuser to use sudo without a password
fcronuser       ALL=(ALL) NOPASSWD:ALL

This will allow the fcronuser to run scripts that require root permissions by using sudo without needing to use a password.

  1. Then you need to add the new user to the fcron.allow list. Edit /etc/fcron.allow to add fcronuser to the list, which will only include root unless you have already added another user to it.
    After editing it should contain at lease the following lines:
root
fcronuser
  1. Create the fcrontab for your new user 3:
    fcrontab -u fcronuser -e
    Note:
    -u fcronuser tells fcrontab to use the user fcronuser;
    -e says to edit the fcronuser fcrontab.
    Enter whatever scripts you want run with fcron and save the file.
    Most scripts will be able to run successfully with the native rights of the fcronuser.
    For those that do not run successfully due to permissions, you will need to add sudo at the front.
    Below is an example of fcronuser fcrontab. Three entries run fine as they are. One of them has to have sudo to execute.
#
# crontab for fcronuser
#

# Restart rhea at 07:30 each day
30 7 * * * /home/fcronuser/scripts/wol_rhea.sh

# Run iapetus backup each Saturday at 21:00
0 21 * * 6 "sudo /home/fcronuser/scripts/iapetus_backup.sh"

# Run speedtest at 06:10, 10:10, 14:10, 18:10 & 22:10
10 2,6,10,14,18,22 * * * /home/fcronuser/scripts/speed_test.sh

# Run the DNS SERVFAIL count script on each Sunday at 01:10
10 1 * * 0 /home/fcronuser/scripts/DNS-SERVFAIL-count.sh

If you create your own script to be called by fcron, make sure to use any system binary command with the full path specified, as fcron might refuse to follow a path instruction.

Files locations

The fcrontabs are stored under /var/spool/cron/ and you should find in that directory fcronuser as well as, after some editing, fcronuser.orig .

To ensure that you backup those files in your IPFire backup routine add the line var/spool/cron/fcronuser* to the /var/ipfire/backup/include.user file (see Backup for the documentation of include.user).

Troubleshooting

Is something with fcron/fcrontab not working and it is time to debug? Edit the file /etc/rc.d/init.d/fcron and look for these lines:

loadproc /usr/sbin/fcron -y
# remove -y to reenable fcron logging

As the comment states, remove the -y to enable fcron logging. There is also a debug -d option if needed. After completing the issue review make sure to replace the -y or -d. 4

After changing the /etc/rc.d/init.d/fcron file make sure to enter:

/etc/rc.d/init.d/fcron restart

to restart fcron.

Notes

  1. http://fcron.free.fr/index.php 

  2. taken from this post from Adolf Belka 

  3. to get help with the scheduling syntax, you can use the following link https://cronprompt.com/ (credits to iptom

  4. Fcron documentation for fcron 

Edit Page ‐ Yes, you can edit!
Last changed by be_frank, January 5 View Older Revisions