-1

I have a server for which I have created a cron job "sendalerts" to users. Mind you this "sendalerts.php" should be runnable from two methods (via browser and also via a cron job)

So cron's job is to execute a php file which then sends the alerts out, something like this:

01 01 * * * /usr/bin/php -f /var/www/vhosts/xxxxx.com/xxx/sendalerts.php

But it keeps failing with the log message:

Could not open input file: /var/www/vhosts/xxxxx.com/xxx/sendalerts.php

So I checked the file group and owner of "sendalerts.php" and realized it was "anothergroup" (since it was created through Plesk filemanager) for which "root" is not a member. I then deleted and recreated "sendalerts.php" from SSH with root. But this would not grant me access to running the same file in browser as I would sometimes want to (manually send the alerts).

Yet I get the same log error when cron tries to execute (Could not open input file: /var/www/vhosts/xxxxx.com/xxx/sendalerts.php)

Currently my possible solution would be:

to recreate the same file using Plesk filemanager and then add "root" user to the "anothergroup" group . But for this My QUESTION is : would that be a safe and secure thing to do? considering now the group "anothergroup" may have "root" user permissions (if im not wrong in my understanding)

Scout for other better solutions, Please if anyone has a better solution to this please suggest/advise me on this. Thanks,

boxmluh

luhfluh
  • 111
  • 1
  • 3

2 Answers2

1

Adding root to said groups won't help as root should be able to access "anothergroup" GID owned files already.

Check the audit logs (some times located under /var/log/audit/) for any error message. For example SELinux or Apparmor may be preventing root from reaching into your directory through cron.

Other possible explanations may be that the /var/www/vhosts/xxxxx.com/xxx/ dir is located on an NFS share or the like, and root gets squashed? In that case I suggest you create a user who is a member of the "anothergroup" group and see if that helps.

Petter H
  • 3,383
  • 1
  • 14
  • 18
0

Put the command in the crontab of a user who is member of "anothergroup".

However, I am wondering, usually root can access anything, why not here?

In any case, making root member of "anothergroup" won't hurt either. There's nothing on a system that is "run as the group". Stuff is only run as a user which is a member of group(s).

Marki
  • 2,795
  • 3
  • 27
  • 45