fcron

The package fcron 1 is integral part of IPFire and it controls the job scheduling of the system.

Tutorial on how to configure fcron to run custom scripts

This section was lifted from a post in the IPFire community 2, with some modifications.

This tutorial follows the approach of setting up a separate user, fcronuser, for running custom scripts, including those that require root permissions. This keeps custom scripts separate from system scripts to prevent any loss during an IPFire update.

1. Create a non-login system user

Type the following command:

useradd -r -U -d / -s /bin/false -c "non root fcrontab user" fcronuser

Explanation of the switches:
-r specifies that this is a system user;
-U creates a group with the same name;
-d defines the home directory as /, although no home directory is created for system users it is specified in the /etc/passwd file;
-s defines the login shell, in this case /bin/false means the user cannot log in;
-c a comment about the user. It can be any string you want.

fcronuser is a logical name but it can be whatever you want, as long as it is not already in use.

If you need a place for your scripts, it is a good idea to replace the -d / switch with the -m switch instead. This will create a directory /home/fcronuser where you can put your scripts. Scroll down to Step 4 for fcrontab example executing scripts.

The entry in /etc/passwd should look something like:

fcronuser:x:998:998:non root fcrontab user:/:/bin/false

If you have set the -m switch instead, it will look like:

fcronuser:x:998:998:non root fcrontab user:/home/fcronuser:/bin/false

Note: the UID and GID will be dependent on what other users are already created on your system.

2. Create a sudoers file for the new user

The new filename can be anything but the simplest is to match the name of the new user i.e. fcronuser
Type:

nano /etc/sudoers.d/fcronuser

Add the following lines:

## Allow fcronuser to use sudo without a password
fcronuser       ALL=(ALL) NOPASSWD:ALL

This will allow fcronuser to run scripts that require root permissions by using sudo without needing to use a password.

3. Add the new user to the fcron.allow list

Edit /etc/fcron.allow to add fcronuser to the list, which will only include root unless you have already added other users.
After editing it should contain at least the following users:

root
fcronuser

4. Create an fcrontab 5 for the new user 3

Type the following command:

fcrontab -u fcronuser -e

Switch explanation:
-u specify user fcronuser whose fcrontab will be edited;
-e edit the fcrontab using default editor vi. Temporarily use nano by adding EDITOR=nano before the command.

Enter the commands for the scripts you want to run with fcron and save the file. Most scripts will run successfully with the native rights of fcronuser. For those that fail to run due to permissions, you will need to add sudo in front of the path.

Below is an example of fcronuser's fcrontab. The first three entries run fine as they are but the last one requires sudo to execute succesfully.

#
# fcrontab for fcronuser
#

# Restart rhea at 07:30 each day
30 7 * * * /home/fcronuser/scripts/wol_rhea.sh

# Run speedtest at 06:10, 10:10, 14:10, 18:10 & 22:10
10 2,6,10,14,18,22 * * * /home/fcronuser/scripts/speed_test.sh

# Run the DNS SERVFAIL count script on each Sunday at 01:10
10 1 * * 0 /home/fcronuser/scripts/DNS-SERVFAIL-count.sh

# Run iapetus backup each Saturday at 21:00
0 21 * * 6 "sudo /home/fcronuser/scripts/iapetus_backup.sh"

If you create your own script to be called by fcron, make sure to use any system binary command with the full path specified, as fcron might refuse to follow a path instruction.

File Location and Backups

The fcrontabs are stored under /var/spool/cron/.
fcronuser's fcrontab can be found here as well as any backups after editing i.e. fcronuser.orig .

To ensure that you backup these fcrontabs (and your scripts) in your IPFire backup routine, add the following lines to /var/ipfire/backup/include.user (see Backup for the documentation of include.user).

# Backup fcronuser's fcrontabs
var/spool/cron/fcronuser*

# Backup scripts folder
home/fcronuser/scripts/

Troubleshooting

If something with fcron/fcrontab is not working and it is time to debug. Edit /etc/rc.d/init.d/fcron and look for these lines:

loadproc /usr/sbin/fcron -y
# remove -y to reenable fcron logging

As the comment states, remove the -y to enable fcron logging. There is also a debug -d option if needed. After completing the issue review make sure to replace the -y or -d. 4

Restart fcron after editing /etc/rc.d/init.d/fcron

/etc/rc.d/init.d/fcron restart

Notes

  1. fcron documentation 

  2. Original post from Adolf Belka 

  3. fcrontab scheduling syntax calculator https://cronprompt.com (credits to iptom

  4. fcron manual 

  5. fcrontab manual 

Edit Page ‐ Yes, you can edit!
Last changed by ip fir, Friday View Older Revisions