Problems When Running Periodic Tasks with Cron on Linux

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
Post Reply
fractalxaos
Registered User
Posts: 1
Joined: Thu May 19, 2022 5:05 pm

Problems When Running Periodic Tasks with Cron on Linux

Post by fractalxaos »

Introduction:
I'm not certain where to post this, so please have patience. What follows has to do with a problem other users have experienced and which I encountered myself. After searching the Internet and reading several posts I realized that many users have a misunderstanding about Linux cron jobs, especially regarding permissions required of a cron job. This post may seem a little long, yet I feel that, to do a service to other users, requires somewhat of a little drill down into details. I also hope this post helps provide admins with a deeper understanding of Linux devops as related to cron and permissions.

Problem:
When periodic tasks get run by the Linux cron daemon, the same emails get sent, over and over again. This manifests very visibly when the board is set up to send a notification to the board administrator whenever a user registers for an account. Every time cron runs periodic tasks, the administrator will get the same notification emails, over and over again.

Analysis of Problem:
There's an old saying in Linux "When in doubt, check permissions".

Phpbb queues up in a single file emails that are to be sent out to users and admins. This file, a php script named "queue.php", is located in the DOC_ROOT/phpbb/cache/production folder. When periodic tasks run the emails queued up in this file get sent and, normally, at that time they are removed from the file.

Periodic tasks are launched by the script "phpbbcli.php" located in the DOC_ROOT/phpbb/bin folder. This script must have permissions to access files in the DOC_ROOT/phpbb/cache/production folder. A fundamental misunderstanding I see among a lot of users is that a Linux executable only has the same access to folders and files that the user running the executable has access to.

In the out-of-the-box phpbb Linux install, only the apache www-data user has full read/write/execute permission on the "production" folder.

drwxr-xr-x 3 www-data www-data 4.0K May 19 10:50 production/

Now we must ask, what user runs "phpbbcli.php" and what permissions does that user have? Out-of-the-box the default user - the user logged in when phpbb was installed - has permissions to read/write/execute, and the default user group has permission to read/execute.

-rwxr-xr-- 1 DEFAULT_USER DEFAULT_USER 2.9K Mar 17 12:13 phpbbcli.php*

If you are logged in as the default user then any executable you run will only have your permissions.

Since the default user has only read/execute permissions, when the default user runs "phpbbcli.php" periodic tasks will NOT be able to modify any files in the production folder.

What we really want to do is run "phpbbcli.php" with the permissions of the apache www-data user. This can be done with the super-user "run as user" command, for example,

sudo -u www-data DOC_ROOT/phpbb/bin/phpbbcli.php cron:run

In order for this to work the www-data user must have permission to read/execute "phpbbcli.php". As phpbb installs out-of-the-box the permissions are set as shown above. The www-data user does not have read/execute access to "phpbbcli.php".

At this point there are two ways to go: 1) add the www-data user to the default user group, or 2) make www-data the group owner of "phpbbcli.php". Adding www-data to the default user group is problematic, as then www-data user has access to a great many more default user files than just the phpbb files. Making www-data the group owner seems the best choice. Thus the permissions for "phpbbcli.php" should look like

-rwxr-xr-- 1 DEFAULT_USER www-data 2.9K Mar 17 12:13 phpbbcli.php*

Suggested Fix:
The following provides detailed steps to fix the problem on a hypothetical Linux install running on a Raspberry Pi. The default user in this case is the "pi" user, and phpbb has been installed in the default user public_html folder, that is, "/home/pi/public_html/phpbb".

1. In the phpbb administrative control panel navigate to General>Server settings and select "Yes" for "Run periodic tasks from system cron".

2. Log into the Raspberry Pi, in a command line shell, as the default "pi" user.

2. Navigate to ~/public_html/phpbb/bin.

cd ~/public_html/phpbb/bin

3. Change group owner of "phpbbcli.php" to www-data.

sudo chown :www-data phpbbcli.php

4. Change "phpbbcli.php" permissions to allow the www-data group to have execute and read permissions.

chmod 754 phpbbcli.php

5. Edit the crontab file using the command "crontab -e". Add the following line

*/5 * * * * (sudo -u www-data /home/pi/public_html/\
phpbb/bin/phpbbcli.php cron:run)

Note that this step will only work if the pi user is in the sudo group. By default this how the Raspberry Pi OS comes out-of-the-box.

Conclusion:

The problem in not a bug in the phpbb software. Rather it is a problem in the documentation. The documentation does not sufficiently explain how to run periodic tasks using cron on Linux systems.

Suggestion:

Update the documentation.
Last edited by Mick on Fri May 20, 2022 6:56 am, edited 1 time in total.
Reason: Moved from support.
User avatar
MarkDHamill
Registered User
Posts: 4885
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: Problems When Running Periodic Tasks with Cron on Linux

Post by MarkDHamill »

I filed this related bug. So far no response.

https://tracker.phpbb.com/browse/PHPBB3-16917?filter=-2
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. Covers through phpBB 3.3.7. eBook and paper versions available.
Post Reply

Return to “phpBB Discussion”