Written by James McDonald

February 16, 2022

Problem: You get access denied when running a script from your user crontab but not when running it interactively

Cause: Your user is in the correct group when logged in but not for cron

Resolution: Add the user to the correct group

This is on Ubuntu 20.04 LTS

How to troubleshoot missing cron group membership

When I run groups or id as my Ubuntu user interactively I get a long list of group memberships:

id
#output
uid=1000(myuser) gid=1000(myuser) groups=1000(myuser),4(adm),8(mail),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),117(netdev),118(lxd)

groups
#output
myuser adm mail dialout cdrom floppy sudo audio dip video plugdev netdev lxd

But when a job in my user crontab tries to cat an nginx log, it returns access denied:

cat: /var/log/nginx/www_access.log: Permission denied

Checking the permissions on the file, my user has the right group membership (adm) to read it. So why am I getting access denied when running from the user cron?

ls -alh /var/log/nginx/www_access.log
-rw-r----- 1 www-data adm 0 Feb 16 00:00 /var/log/nginx/www_access.log

But checking the group memberships from inside a cron job tells me I don’t have membership in the adm group:

# put id command in the cron script wait for it to run and look at the output
id > /tmp/id.out
# get the output
cat /tmp/id.out
# output missing adm group membership
uid=1000(myuser) gid=1000(myuser) groups=1000(myuser),8(mail)

Clearly I don’t have membership in the adm group when running under cron. The fix is adding the user to the group properly:

# -a appends; with -G alone usermod replaces the user's whole supplementary group list
sudo usermod -aG adm myuser

Checking /etc/group, there was no entry for my user in the adm group:

# before
adm:x:4:syslog

# after running usermod
adm:x:4:syslog,myuser


Fixed!!!
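The same mismatch can be spotted by diffing group lists, shown here as an added example that is not from the original post: `id -Gn` with no argument reports the current process's groups, while `id -Gn myuser` looks them up in the account database. The function names are hypothetical, the two sample `id` lines are the ones shown above, and it assumes group names contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Extract the group names from one line of `id` output.
# Keeps only the groups= field, then turns "4(adm)" into "adm".
parse_id_groups() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' |
        sed 's/^[0-9]*(\(.*\))$/\1/' |
        paste -sd ' ' -
}

# groups_only_in_session SESSION_LIST DB_LIST
# Prints the groups that appear in SESSION_LIST but not in DB_LIST.
groups_only_in_session() {
    session=$1
    db=$2
    out=""
    for g in $session; do
        case " $db " in
            *" $g "*) ;;                # also present in the second list
            *) out="$out $g" ;;         # session-only group
        esac
    done
    printf '%s\n' "${out# }"
}

# Live check: groups held by this shell that the account database
# does not list for the same user.
check_current_user() {
    groups_only_in_session "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

# The two `id` lines from the post: interactive login vs. cron job.
interactive='uid=1000(myuser) gid=1000(myuser) groups=1000(myuser),4(adm),8(mail),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),117(netdev),118(lxd)'
cron='uid=1000(myuser) gid=1000(myuser) groups=1000(myuser),8(mail)'

echo "missing under cron: $(groups_only_in_session \
    "$(parse_id_groups "$interactive")" "$(parse_id_groups "$cron")")"
```

Any group printed by `check_current_user` is one the login session has but a lookup of the user in the account database does not return, which is the situation the cron output above shows for adm.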
