Any harm having plain-text passwords in the root crontab?
I've run into a...frustrating...situation. I have a python script which needs to be executed on a cron schedule, with root permissions, but with the environment of the normal user. Long story short, the python script is updating some packages on their behalf. The only way I've found so far to get this properly working is edit the root crontab and utilize
runuser to execute. Only problem is the root password needs to be passed in the run command, similar to the below:
sudo crontab -e and then in the crontab:
runuser userjoe --command="echo Ro0tPasSwuRd | sudo -S python3
" > /dev/null 2>&1
That way, the python script gets executed with the environment of "userjoe," with root permissions so it can update the packages it needs to do. I don't believe this poses a security risk, since the only way the root password would be exposed is if someone could edit the root crontab. In which case, they must already have root privileges. Anything I'm missing?
[link] [comments] ...