The package fcron 1 is integral part of IPFire and it controls the job scheduling of the system.
Tutorial on how to configure fcron to run custom scripts
This section was lifted from a post in IPFire forum 2, with slight modifications.
This tutorial follow the approach of setting up a separate user, here called fcronuser, and use it for running scripts, including those that require root permissions. This keeps the custom scripts separated from the system scripts to prevent any loss during an IPFire update.
- Create a non-login system user with the following command:
useradd -r -U -d / -s /bin/false -c "non root fcrontab user" fcronuser.
Explanation for the switches:
-rspecifies that it is a system user;
-Utells it to also create a group with the same name;
-ddefines the home directory as /, although no home directory is created for system users it is specified in the passwd file;
-sdefines the login shell, in this case /bin/false means the user cannot log in;
-cis a comment about the user. It can be any string you want.
fcronuser is a logical name but it can be whatever you want, as long as it is not already in use.
The entry in the /etc/passwd file should look something like:
fcronuser:x:998:998:non root fcrontab user:/:/bin/false
The uid and gid will be dependent on what other users are already created on your system.
- Create a
sudoersfile for thefcronuserin/etc/sudoers.d/. It can be called whatever you want but the simplest is to name it the same as the user, thereforefcronusercontents should be:
## Allow fcronuser to use sudo without a password
fcronuser ALL=(ALL) NOPASSWD:ALL
This will allow the fcronuser to run scripts that require root permissions by using sudo without needing to use a password.
- Then you need to add the new user to the
fcron.allowlist. Edit/etc/fcron.allowto addfcronuserto the list, which will only includerootunless you have already added another user to it.
After editing it should contain at lease the following lines:
root
fcronuser
- Create the fcrontab for your new user 3:
fcrontab -u fcronuser -e
Note:
-ufcronusertellsfcrontabto use the userfcronuser;
-esays to edit thefcronuserfcrontab.
Enter whatever scripts you want run withfcronand save the file.
Most scripts will be able to run successfully with the native rights of thefcronuser.
For those that do not run successfully due to permissions, you will need to addsudoat the front.
Below is an example offcronuserfcrontab. Three entries run fine as they are. One of them has to havesudoto execute.
#
# crontab for fcronuser
#
# Restart rhea at 07:30 each day
30 7 * * * /home/fcronuser/scripts/wol_rhea.sh
# Run iapetus backup each Saturday at 21:00
0 21 * * 6 "sudo /home/fcronuser/scripts/iapetus_backup.sh"
# Run speedtest at 06:10, 10:10, 14:10, 18:10 & 22:10
10 2,6,10,14,18,22 * * * /home/fcronuser/scripts/speed_test.sh
# Run the DNS SERVFAIL count script on each Sunday at 01:10
10 1 * * 0 /home/fcronuser/scripts/DNS-SERVFAIL-count.sh
If you create your own script to be called by fcron, make sure to use any system binary command with the full path specified, as fcron might refuse to follow a path instruction.
Files locations
The fcrontabs are stored under /var/spool/cron/ and you should find in that directory fcronuser as well as, after some editing, fcronuser.orig .
To ensure that you backup those files in your IPFire backup routine add the line var/spool/cron/fcronuser* to the /var/ipfire/backup/include.user file (see Backup for the documentation of include.user).
Troubleshooting
Is something with fcron/fcrontab not working and it is time to debug? Edit the file /etc/rc.d/init.d/fcron and look for these lines:
loadproc /usr/sbin/fcron -y
# remove -y to reenable fcron logging
As the comment states, remove the -y to enable fcron logging. There is also a debug -d option if needed. After completing the issue review make sure to replace the -y or -d. 4
After changing the /etc/rc.d/init.d/fcron file make sure to enter:
/etc/rc.d/init.d/fcron restart
to restart fcron.
Notes
-
taken from this post from Adolf Belka ↩
-
to get help with the scheduling syntax, you can use the following link https://cronprompt.com/ (credits to iptom) ↩