I have a nasty time when you run a non-root crontab file on Alpine Linux.
I went through two other cron related entries and I have no answer:
https://askubuntu.com/questions/23009/why-crontab-scripts-are-not-working
https://serverfault.com/questions/449651/why-is-my-crontab-not-working-and-how-can-i-troubleshoot-it
Here is the setup.
My crontab is as follows:
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/aws/bin:/home/ec2-user/bin SHELL=/bin/bash * * * * * /opt/monitor/monitor.sh >> /var/log/monitor.log 2>&1 0 3 * * * /opt/monitor/monitor-log-clean.sh >> /var/log/monitor.log 2>&1
My Dockerfile is a bit confusing right now, but only because I was desperately trying to resolve it. It looks something like this. In short, I add the SUID for crontab -e to work like other users, I create my user, I import my crontab file, and then grant permissions for everything I can think of.
FROM alpine:3.5 # DEPENDENCY TO ALLOW USERS TO RUN crontab -e RUN apk add --update busybox-suid # I LIKE BASH RUN apk --no-cache add bash bash-doc RUN apk --no-cache add util-linux pciutils usbutils coreutils binutils findutils grep #... lots of custom stuff ... # CREATE USER RUN adduser -S robuser && \ mkdir -p /home/robuser # ADD ENTRY POINT ADD src/entrypoint.sh /home/robuser/entrypoint.sh # GIVE MY USER ACCESS RUN mkdir /etc/cron.d RUN echo "robuser" > /etc/cron.allow RUN echo "" >> /etc/cron.allow RUN chmod -R 644 /etc/cron.d # ADD MY CRONTAB RUN mkdir -p /var/spool/cron/crontabs ADD ./src/crontab.conf /tmp/cloudwatch/crontab.conf RUN crontab -u robuser /tmp/cloudwatch/crontab.conf # DEBUG... GIVE MY USER ACCESS TO EVERYTHING RUN chown -R robuser /etc/cron.d RUN chmod -R 755 /etc/cron.d RUN chown -R robuser /var/spool/cron RUN chmod -R 744 /var/spool/cron RUN chown robuser /var/spool/cron/crontabs RUN chmod 744 /var/spool/cron/crontabs RUN chown -R robuser /etc/crontabs RUN chmod -R 744 /etc/crontabs RUN chown robuser /etc/crontabs/robuser RUN chmod -R 744 /etc/crontabs/robuser RUN chmod 600 /var/spool/cron/crontabs/robuser # ADD MY MONITORING PROGRAM RUN mkdir -p /opt/monitor ADD src/monitor /opt/monitor RUN mkdir -p /opt/monitor/.tmp && \ chown -R robuser /opt/monitor && \ chmod -R 700 /opt/monitor RUN touch /var/log/entrypoint.log && \ touch /var/log/monitor.log && \ touch /var/log/cron.log && \ touch /var/log/awslogs.log && \ chown -R robuser /var/log USER robuser ENTRYPOINT /home/robuser/entrypoint.sh
Meanwhile, my entrypoint.sh has this somewhere in it. I run the cron daemon as a help service and enter the cron.log log. I also tried specifying -d 0 to get even more debugging, but actually added nothing to the output.
#!/bin/bash crond -b -l 0 -L /var/log/cron.log
An important point: if I do not switch to robuser, everything works fine as root .
If I checked cron.log, its pretty empty:
crond: crond (busybox 1.25.1) started, log level 0 crond: wakeup dt=45 crond: wakeup dt=60 crond: wakeup dt=60
Meanwhile, /var/log/monitor.log is completely empty (see crontab at the beginning of the post).
Thus, crond does not print any errors.
I tried everything I could think of to debug this. There is no error message. It just starts up and never prints. A good suggestion was just my crontab .. but that also didn't work:
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/aws/bin:/home/ec2-user/bin SHELL=/bin/bash * * * * * touch /tmp/test.txt
I tried looking for other alpine containers that use non-root cron, but most people cannot cope with the problem of getting their alpine containers to run without root authority.
Does anyone have any further suggestions to help debug this?