0

We are trying to make environment variable available to a cron job and request some help with this.

Please find below what we have done:

  1. We created a shell script "script_a.sh" that accepts a value from the root user in an interactive shell. Once accepted, it would export that accepted value under "userValue" environment variable.
  2. We have another script called "script_b.sh" invoked by cron job. We would like "userValue" environment variable available to "script_b.sh".

However, the "userValue" is not available to "script_b.sh".

At present, as a temporary alternative we are exporting "userValue" environment variable to ~/.bashrc to make it available to "script_b.sh". However, we don't want to store "userValue" environment variable in plain text in ~/.bashrc due to security reasons.

Can you please help any alternative around it?

collaborate.ever
  • 41
  • 4
  • Splitting into two scripts doesn't get you out of having some serious security-impacting design decisions to make. _Personally_, I would change your cron job to be a systemd service (started by a systemd timer), and have the interactive script populate a credential -- see https://www.freedesktop.org/software/systemd/man/systemd-creds.html. Of course, you want to make sure that credential is readable only by root -- systemd can do the work of exposing it to the specific non-root service you want it to be read by. – Charles Duffy Jul 13 '22 at 15:33
  • BTW, using `.sh` extensions on executables is bad form. See [commandname extensions considered harmful](https://www.talisman.org/~erlkonig/documents/commandname-extensions-considered-harmful/), the essay which has been linked by the #bash IRC channel on that topic for well over a decade. – Charles Duffy Jul 13 '22 at 15:36
  • Thank you so much Charles for a quick response, we shall give it a try based on your guidance and shall keep you posted on how it went! – collaborate.ever Jul 13 '22 at 16:51
  • (perhaps I should have linked to https://systemd.io/CREDENTIALS/ as a better introduction to service credentials) – Charles Duffy Jul 13 '22 at 17:20

0 Answers0