Hi I have same issue. Can you please help me know where exactly I need to upload this new PHP file? I can’t see it through browser if I save it in var/www/suitecrm
it turns out to be root for me. Is it bad to add root in the allowed_cron_users?
It doesn’t work for me otherwise.
What do you mean by “it turns out to be root”?
You shouldn’t add root to allowed_cron_users, no.
And you definitely shouldn’t be running your web server as root (if that is what “it turns out” is about).
Please read this article.
Hey, thanks for replying.
Sorry for my dumb questions. I am new to all this. I am learning using online guides.
I have gone through the article multiple times. And I would not like to add root in allowed_cron_users, but if I don’t add root, then I get a Fatal Error.
I tried to add $cronUser followed by ‘cronUser’ instead of root but it doesn’t work.
Then I followed the process of going to mydomain.com/getting_current_user, and the name displayed there was root. So I had to add root allowed_cron_users. My schedulers started running after that. I still can’t send campaign emails though.
Is there any way to stop root from using the web server?
I split this into a separate topic, to avoid spamming other users.
If your SuiteCRM is running, please go into Admin / Schedulers and tell me what you see in the crontab instructions at the bottom. This should include the user name under which your web server is running.
I don’t believe it is root, because if it was you would have hacked the Siteground server completely. It must be something else.
1 Like
Yes, I don’t see root there.
My crontab has exactly these lines.
But the crontab doesn’t work if I don’t add root in allowed_cron_users in the config.php file
In order to run SuiteCRM Schedulers, edit your web server user’s crontab file with this command:
sudo crontab -e -u www-data
… and add the following line to the crontab file:
-
-
-
-
-
cd /var/www/suitecrm; php -f cron.php > /dev/null 2>&1
-
-
-
-
You should use www-data in allowed_cron_users.
If that doesn’t work, please provide the exact PHP Fatal error you get, and the relevant portion of the config.php file that you edited. Thanks
EDIT: also, please confirm that you added the cron entry exactly according to that instruction, and not some other method
The error I get:
cron.php running with user that is not in allowed_cron_users in config.phpPHP Fa tal error: Uncaught Exception: cron.php running with user that is not in allowe d_cron_users in config.php in /var/www/suitecrm/include/utils.php:1898
Stack trace:
#0 /var/www/suitecrm/cron.php(70): sugar_die()
#1 {main}
thrown in /var/www/suitecrm/include/utils.php on line 1898
I don’t get this error if I edit config.php as attached
Your case is very strange.
This is the relevant bit of code:
→ https://github.com/salesagility/SuiteCRM/blob/master/cron.php#L61-L71
That log message you posted, is that from suitecrm.log or php_errors.log? Whichever it is, please check the other one also.
The other messages should have more information. There are two ways this can be happening
-
Siteground is actually running your cron as root, which would be a huge security fail. Highly unlikely.
-
For some reason, the system is not reporting the user name correctly to SuiteCRM. While it is normal for some shared hosting systems to refuse giving the username, and there is already code there to handle that, it is the first I’ve seen this sort of thing, where root is reported…
Tell me if you can get more info from the other log. Thanks
EDIT: wait, are you on Siteground shared hosting? I must have gotten that from one of the other posts in the thread where we were before. Sorry. Tell me more about your server, and ensure your command appears in crontab -l -u www-data and not in crontab -l -u root
Suitecrm log:
Mon Jul 25 19:40:16 2022 [224603][1][FATAL] SugarBean::populateDefaultValues $field_defs should be an array
Mon Jul 25 19:55:52 2022 [235127][-none-][FATAL] cron.php: running as root is not allowed in allowed_cron_users in config.php. Exiting.
Mon Jul 25 19:55:52 2022 [235127][-none-][FATAL] cron.php: root’s crontab should not be used for cron.php. Use your web server user’s crontab instead.
If I manually execute php -f php in suitecrm directory then:
cron.php running with user that is not in allowed_cron_users in config.phpPHP Fatal error: Uncaught Exception: cron.php running with user that is not in allowed_cron_users in config.php in /var/www/suitecrm/include/utils.php:1898
Stack trace:
#0 /var/www/suitecrm/cron.php(70): sugar_die()
#1 {main}
thrown in /var/www/suitecrm/include/utils.php on line 1898
In the apache2 error log:
[Tue Jul 26 00:00:03.250646 2022] [mpm_prefork:notice] [pid 195443] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured – resuming normal operations
[Tue Jul 26 00:00:03.250700 2022] [core:notice] [pid 195443] AH00094: Command line: ‘/usr/sbin/apache2’
My system details:
Using digital ocean droplet with ubuntu 20.4
two php’s installed 7.4 and 8.1
I ensured 7.4 running
suitecrm version 7.11.18
The command doesn’t appear in:
crontab -l -u root
It appears in
crontab -l -u www-data
I see the code link shared by you is similar to cron.php
What do I need to do with it? Is it ok to edit it to add
CronAllowedUser($cronUser);
As suggested by abhishek07456 in this
Or should I simply add root in the allowed_cron_users in the config.php as I am not running on siteground?
If that is your own server, you can just bypass the warning whichever way you prefer. Add a name to the array, or change the if in cron.php to ignore that condition.
But I can’t wrap my head around the inconsistencies here. If your crontab command launches as www-data, howcome the script detects that it’s running under root? Maybe there’s a bug in one of those system calls in your particular configuration. I wonder if simply changing PHP version might solve this.
A different problem altogether is if you are, in fact, for some strange reason and in some strange way, running your cron jobs as root. To test this, you could make some change in cron.php to make it run some root-only shell command and see if it works.
If that is the case, I wouldn’t just ignore the issue, if I was you. It really is insecure. SuiteCRM handles security issues quite diligently, but still, it’s a huge PHP codebase with tons of old legacy code. New security issues keep getting discovered, and you wouldn’t want anyone to easily escalate any of those vulnerabilities by taking over the entire server as root.
I think that is because I created the first crontab in the etc folder by mistake.
But I deleted it and created the other one specific for www-data.
I stopped cron service several times, then reloaded it too. But it doesn’t work. Finally, I added root to the array list in config.php
Which PHP do you recommend? My email campaigns are not running too. Perhaps because of the PHP issue.
To test this, you could make some change in cron.php to make it run some root-only shell command and see if it works.
How to do this?
I am not a coder just a small business owner running on a tight budget.
Try nano /etc/crontab
If it’s there, remove it. Leave that cron.php line only in www-data’s crontab
It’s hard to find out more without a technical, hands-on approach, and those tweaks to the code to investigate.
You could try variations, just for diagnostics’ sake: different PHP version, different server, different SuiteCRM version.
Or you could just ignore all this, go with the risks, and when you get a more technical person that you trust, ask him to make sure your jobs are not running as root (they probably aren’t).
1 Like
I know that this is an older topic, but adding a couple bits of info here.
- Cron will always run as root so even if the file is under www-data:www-data group it should be able to run it without permission issues
- Use crontab -e to edit the crontab, it will avoid issues. Most likely you will need sudo.
- Don’t need to perform cd /var/suitecrm and then call cron.php, you can pass the whole path in one call.
- If you need to define php path on the cron execution, then your php is setup wrong. A simple check would be performing sudo php -i .
Hope this helps.
i see you’re dealing with siteground, and from what i’ve gathered in the previous posts, there might be something fishy with cron jobs. now, im no exprert, but the log message got me scratching my head too. it’s from suitecrm.log or php_errors.log? double-check both for more clues. it’s wild to thin siteground might be running you cron as root - major security red flag is true