1

I've automated a daily restart for Firefox (edited by running crontab -e) and forgot to take into account whether the program would launch with administrator privileges.

killall -s SIGTERM firefox; sleep 15
export DISPLAY=:0.0
firefox -P "user" &

Browsing Javascript webpages as root presumably would be an extremely high security risk — Firefox thankfully seems to reject the request (from a VM):

    restorecon: restorecon: SELinux: Could not get canonical path for /root/.mozilla/firefox/* restorecon: No such file or directory.
    SELinux: Could not get canonical path for /root/.mozilla/firefox/* restorecon: No such file or directory.
    Running Firefox as root in a regular user's session is not supported.  ($XAUTHORITY is /run/user/1000/.mutter-Xwaylandauth.<a potential ID string> which is owned by user.)

Will even web browsers be ran as root by cron? What if the root's crontab was used instead?

user598527
  • 609
  • Which crontab did you edit? That's primarily what drives which user account it uses. – Chris Davies May 14 '22 at 10:43
  • cron has its own environment and does not (by default) have access to any graphical context. Even if it's running as the same user account as the person currently logged on to a GUI – Chris Davies May 14 '22 at 10:44
  • @roaima crontab -e, the user's crontab file. – user598527 May 14 '22 at 11:05
  • @roaima I've the line export DISPLAY=:0.0 in my script; update the question. – user598527 May 14 '22 at 11:08
  • 1
    Run the script from the user's crontab, not from root's. That's what I assumed you were doing in your original question. – cas May 15 '22 at 02:06
  • An absolutely misleading question; I've managed to run Firefox as root and didn't understand that the user and root have their own crontabs. – user598527 Mar 15 '24 at 18:13

1 Answers1

1

Does cron run graphical applications as root?

There are (at least) two questions in here, even if you don't realise it! :-)

  1. What user account does cron use to run jobs?

    If a user creates a cron entry in their own crontab, by using the crontab command, the job will be run as that user. This applies even to root.

    If a suitably privileged user creates an entry in one of the system crontabs, for example by adding an entry to a file in /etc/cron.d, the job must define the user account that will be used to run it.

  2. Does cron run graphical applications?

    The cron execution environment is deliberately cut down to a minimum. Frequent questions here ask why applications cannot be found (the $PATH doesn't include additional directories) or why files aren't going written to the expected directory (the initial directory is $HOME).

    You may find that setting $DISPLAY is sufficient but usually at least one additional authentication variable is required for GUI applications to run. See Using notify-send with cron for one example.

Chris Davies
  • 116,213
  • 16
  • 160
  • 287