What's new

Are there limitations when using cron?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

XIII

Very Senior Member
Since 1Password now offers a nice CLI that works on our router, I'm trying to make my scripts more secure, by no longer hardcoding credentials.

However I notice something weird when testing this:

Experiment 1

/jffs/scripts/test1:
Bash:
#!/bin/sh
logger test1
/opt/bin/op run --env-file=/jffs/op/test.env -- /jffs/scripts/test2

/jffs/op/test.env:
Code:
SOME_CREDENTIAL=blabla

/jffs/scripts/test2:
Bash:
#!/bin/sh
logger test2
logger credential: $SOME_CREDENTIAL

Code:
➜ cru l
*/2 * * * * /jffs/scripts/test1 #Test#

* When I manually run /jffs/scripts/test1 I see both the test1 and test2 lines in /tmp/syslog.log
* When I wait for /jffs/scripts/test1 to be executed by cron I only see test1 in the logging (not test2)

Experiment 2

Modified /jffs/scripts/test1 (not injecting credentials):
Bash:
#!/bin/sh
logger test1
/jffs/scripts/test2

* When I manually run /jffs/scripts/test1 I see both the test1 and test2 lines in /tmp/syslog.log
* When I wait for /jffs/scripts/test1 to be executed by cron I see both the test1 and test2 lines in /tmp/syslog.log

Question

What might be limiting the 1Password CLI op tool when being executed using cron? (How can I make this work?)
 
Can't really be sure, but one thing you have to be careful about is the context under which a process is running. When something is run from the scheduler, it does NOT necessarily have the same environment as YOU when you're logged into the shell.

So let's say there's some dependency the process has on a local environment variable that's only available when you're logged in. That same environment variable might NOT be available to the system when running off the scheduler.

I know nothing about that (what I assume is a) binary (/opt/bin/op). So I'm just speculating.
 
So let's say there's some dependency the process has on a local environment variable that's only available when you're logged in.
I thought about context differences, but not specifically about environment variables…

You probably nailed it; I think I need to (again) set OP_CONNECT_HOST and OP_CONNECT_TOKEN:


Unfortunately, I can’t test this hypothesis right now: once again I cannot SSH into my router running 386.7(_1). A reboot usually solves this, but I can’t reboot it right now.

Will report back later. Thanks!
 
I thought about context differences, but not specifically about environment variables…

You probably nailed it; I think I need to (again) set OP_CONNECT_HOST and OP_CONNECT_TOKEN:


Unfortunately, I can’t test this hypothesis right now: once again I cannot SSH into my router running 386.7(_1). A reboot usually solves this, but I can’t reboot it right now.

Will report back later. Thanks!
If ssh stops working because you attempted the wrong password too many times if you mask your MAC address with a random address and renew lease you can usually get another chance to login as it temp bans that devices original Mac. Or use another device to ssh. Windows,Mac/iOS, Linux you should be able to spoof a MAC address in settings.
 
The USB flash drive in my router died today; that's why SSH no longer worked...

And @eibgrad was completely right: after setting environment variables the scripts do work using cron. Thank you once again!
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top