You don’t need to make any entry in rc.local or symlink - Qubes has already covered
this as you will see if you examine /rw/bind-dirs/var/spool/cron, and
cron will work out of the box when you enable the service.
You should use crontab -e to create and change crontab entries.
I see your entry: * * * * * user /rw/home/user/path/to/./backup.sh
Can you try that without the user field?
It would be helpful if you posted the contents of backup.sh
$ sudo systemctl status cron
● cron.service - Regular background program processing daemon
Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/cron.service.d
└─30_qubes.conf
Active: inactive (dead)
Condition: start condition failed at Sat 2020-12-19 13:03:38 CET; 8min ago
└─ ConditionPathExists=/var/run/qubes-service/crond was not met
Docs: man:cron(8)
Dec 19 13:03:38 VM systemd[1]: Condition check resulted in Regular background program processing daemon being skipped.
I’ve tried sudo and user crontab now, but doesn’t look like anything is being done. /var/run/qubes-service/crond doesn’t exist.
I thought you said this was a Fedora based qube? The service there is
crond isn’t it?
Are you now using a different template?
The error suggests that you have not enabled the crond service: qvm-service -e <qube> crond
I’m not the OP, but could use some help as well. Looks like the services are different in Debian, since after running that command I still get the same output.
The services are different in Debian, but the command is the same, and
the required file is the same. (Qubes cleverness)
Did you restart the qube after issuing the command?
Nice, cron works now after a reboot.
However, the Filecopy dialog still pops up, after changing the /etc/qubes-rpc/policy/qubes.FileCopy, since the source VM doesn’t know which VM it’s being sent to, for security reasons.
Edit: Command seems to be qrexec-client-vm cloud qubes.FileCopy file.txt
But I still get permission denied. I tried both qubes.FileCopy and qubes.Filecopy files.
I’m getting a little lost in the other (very welcome!) issues raised in the thread.
My current state of play is:
Crond has been enabled in qvm service crond status confirms that crond is up when the AppVM is running
there is an entry in the rc.local to replace /etc/crontab with /rw/home/user/path/to/new/crontab
the script which is invoked in the crontab, runs fine when run manually and doesn’t require sudo
Tl;dr - Crond is running (in a Fedora based AppVM), the script backup.sh runs fine when invoked, crontab is rewritten upon boot to
* * * * * user /rw/home/user/path/to/./backup.sh
I’ve tried it with ‘user’ and without ‘user’, no difference. Cron doesn’t seem to have logs so can’t find whether the issue is with the crontab edit, some permissions thing or something more fundamental.
One reason why I hate forums like this - they make it incredibly
difficult to follow lines of discussion within a single thread.
My remark was directed toward @9009 who complained that the FileCopy
dialog opened.
It looks like cron(ie) does not get installed by default in Fedora 32. qvm-service [appvm] crond only determines if the service is “enabled” from a Qubes OS perspective. The issue here is that the packages for cron aren’t even installed - perhaps this is a Fedora 32 template bug? My Debian 10 template already had cron installed by default.
In your Fedora 32 template, execute:
sudo dnf install cronie
Shut down the template and your AppVM.
Ensure you have the crond service enabled by Qubes; in dom0:
qvm-service [appvm] crond on
Now, cron will be enabled in the appvm. To verify, boot the appvm, and check:
systemctl status crond
Result should have Active: active (running) (on Debian, change crond to cron).
This the baseline - making sure cron(d) is running before changing anything. If the above doesn’t check out, you have to resolve that first.
At this point now you can make your changes.
When you enable crond from Qubes OS (with qvm-service), Qubes redirects the crontabs that would normally be stored on the root file system to be to be stored persistently within the AppVM under /rw/bind-dirs/var/spool/cron. The system-wide root crontab at /etc/crontab is not affected.
To stay in the “Qubes OS” lane as well as being a little more declarative, I would suggest to leave /etc/crontab alone and place your cron entries in the crontab for the user user.
In your appvm, have these files:
~user/backup/backup.sh: Performs the backup commands
~user/backup/crontab: Contains crontab entry to exec backup.sh:
* * * * * ~user/backup/backup.sh
Assuming you have no other crontab things to add for this AppVM, set the crontab for the user:
$ crontab ~user/backup/crontab
Logs? Check journalctl -u crond in Fedora or journalctl -u cron in Debian. This will tell you when crond is triggered.
If your backup.sh script generates output, check user’s mail with the mail command. Or, make sure backup.sh redirects output within the script itself to a file…or change the crontab…etc.
OP has already stated that they have confirmed that crond is up when the
appVM is running - “crond status confirms that crond is up when the AppVM
is running” - so much of your explanation is not particularly helpful.
@JustAnotherQubesUser - Is there a chance that you can post the contents
of the backup.sh file, anonymised if possible?