0

My goal is to run a Docker container that contains crontab. So I want, as a non-root user, to be able to run scheduled crontab jobs. I am running the following Docker image:

FROM openjdk:8
RUN apt-get update && apt-get -y install nano
RUN apt-get update && apt-get -y install cron
RUN service cron start # tried both
RUN cron               # tried both
ENV TZ="Europe/Rome"
RUN useradd -u 8877 myuser
USER myuser
CMD ["tail", "-f", "/dev/null"]

I deploy it in a Docker stack:

...
crontab:
  image: reg/image
  cap_drop:
  - cap_dac_override
deploy:
  mode: replicated
  replicas: 1
  restart_policy:
    condition: any
    delay: 3s
    window: 60s
  placement:
    constraints: [node.role == manager]
  update_config:
    delay: 2s
volumes:
  - v:/my/vol
environment:
  - PUID=8877
  - PGID=8877
...

When I run docker exec -it <id> bash as myuser into the container, I execute service cron status and it outputs "cron is running." But if I run crontab -e, the file I am writing appears with red error message "Problems with history file". If I try to save it others errors appear such as "no crontab for myuser - using an empty one touch: cannot touch '/home/myuser/.selected_editor': No such file or directory Unable to create directory /home/myuser/.local/share/nano/: No such file or directory It is required for saving/loading search history or cursor positions."

Improve this question
4
  • Does /home/myuser exist? If yes, does the user have access permissions for it? Commented Mar 14, 2024 at 16:53
  • I can't reproduce this. Yes, I also get the "Problems with history file" error due to the user not having a home directory, but there is no issue saving the file and verifying that the crontab was updated (with crontab -l). The cron schedule is also running ok inside the container. I don't recognise the other errors that you list. I tested manually inside a container started with docker run --rm -it openjdk:8 bash. Commented Mar 14, 2024 at 17:07
  • @choroba not, it does not exist. Obviously that was the problem, I have manually created the personal folder and given privileges to myuser. I thought the container was doing it automatically... I have to set this in the Dockerfile I guess. Thank you! Commented Mar 19, 2024 at 8:52
  • It was the useradd command in Dockerfile, it doesn't automatically generate the personal folder, compared to adduser :) Commented Mar 19, 2024 at 10:07

1 Answer 1

Reset to default
0

There may be more than one way to restrict crontab usage. See the crontab manpage for your installation.

In the simplest case, control is via the files /etc/cron.allow, /etc/cron.deny. The rules for their use are very specific:

  • If neither file exists, then only root can run crontab
  • If cron.allow exists, then your username must be listed in order to use crontab.
  • All users in cron.deny are disallowed.
  • If ONLY cron.deny exists, then all users not mentioned can use crontab.
Improve this answer
1
  • 1
    This does not seem to address the cause of the issues that the user in the question is facing. Commented Mar 14, 2024 at 18:20

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.