Cron Job "Run As User" does not inherit user's groups

[Slovak]

I have two FreeNAS instances, one a clean install and one recently upgraded from 11.1-U7. Both are on the latest 11.3-RELEASE (STABLE)

I set up a Cron Job task and set "Run as User" field to john, input the appropriate command, and received errors I tracked down to permission issues. Very similar to https://www.ixsystems.com/community...-u6-cron-not-working-permission-denied.70925/

At the command line, I get this (correct) output:

Code:

root@freenas >id
uid=0(root) gid=0(wheel) groups=0(wheel)

john@freenas >id
uid=1001(john) gid=1001(john) groups=1001(john),816(media),972(plex),983(syncthing),1002(backup)

From the Cron Job output running the same command id, I get this via email:

Code:

#"Run as User" set to root
uid=0(root) gid=0(wheel) groups=0(wheel)

#"Run as User" set to john
uid=1001(john) gid=1001(john) groups=1001(john)

Same exact command and cron job settings (including the upgraded instance) used to work as expected in 11.1-U7 and prior versions.

For now, my workaround is to set the Cron Job to run as root, using sudo:

Code:

#"Run as User" set to root
#Command altered to
#sudo -i -u john id
uid=1001(john) gid=1001(john) groups=1001(john),816(media),972(plex),983(syncthing),1002(backup)

Incidentally, the root user under 11.1-U7 did have the "Permit Sudo" enabled, and after migrating to 11.3-RELEASE that field was unchecked. Unsure if that is related.

Is there a change in the 11.3-RELEASE that does not inherit the user's groups when running a Cron Job?

 

[STREBLO]

Same problem occurs for me. Running job as 'john':

Code:

id > ~john/t

In ~john/t:

Code:

uid=1000(john) gid=1000(john) groups=1000(john)

From shell:

Code:

root@lilan[~]# id john
uid=1000(john) gid=1000(john) groups=1000(john),0(wheel),80(www),983(syncthing),1003(replicator),2001(naddy),8675309(media)

 

[KrisBee]

Isn't this due to the limited set of environment variables used by cron as compared to those set in user john's interactive-shell login? ( Reference: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-cron.html and crontab(5) )

 

[STREBLO]

Unless I'm mistaken, I don't think groups have anything to do with environment variables.

I unset all my differing environment variables and set them to the ones from the cron user and had the same output:

cronjob:

Code:

env > ~john/t

unset differing:

Code:

unset SHELL USER HOME SHLVL LOGNAME TERM PWD MAIL

Set vars:

Code:

while read p; do export $p; done < ~john/t

The differing variables, I don't think any of them would make any difference to the groups:

shell env:

Code:

SHELL=/usr/local/bin/zsh
HOME=/mnt/tank/home/john
USER=john
OLDPWD=/mnt/tank/home/john
SHLVL=1
LOGNAME=root
TERM=xterm
PWD=/mnt/tank/home/john
MAIL=/var/mail/john

cron env:

Code:

IOCAGE_DEBUG=TRUE
MAIL=/var/mail/$
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/root/bin
HOME=/
PWD=/mnt/tank/home/john
DJANGO_SETTINGS_MODULE=freenasUI.settings
TZ=America/Los_Angeles
MIDDLEWARED=80
LC_ALL=en_US.UTF-8
RC_PID=28