Thank you for the hints I modified like you described. I also moved the permission part out of the loop (once at the end of the script is enough). Now with the "set -x" the script is working also in cron. Best regards Daniel -----Original Message----- From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Tony Mountifield Sent: Wednesday, February 1, 2017 11:04 AM To: centos@xxxxxxxxxx Subject: Re: Script not running correctly as cronjob In article <86827d81f1944333ae213f2d3f19856a@xxxxxxxx>, Daniel Reich <Daniel.Reich@xxxxxxxx> wrote: > Hi > > I have a script to resign all DNS zones every two weeks. When i run > the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob: > Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh > /opt/dnssec/resign_dnssec_zones.sh) > > But after i get a mail that everything is finsihed, but it isn't. > 03:04:28 DNSSEC-Signierung abgeschlossen > > The script deletes the old signed zones, but don't resign it. The mail is also sent. > Below the script. > > Anybody an idea why it doesn't work in cron?^ I cannot find any error > in any log. After the first line, add a line saying: set -x Then set cron to run it and examine the output that gets mailed to you. The -x tells it to echo each command it is about to execute. That will help you to see how far it is getting. Further comments below. Cheers Tony > Best regards > Daniel > > > #!/bin/bash > KSKDIR="/etc/named/KSK" > ZSKDIR="/etc/named/ZSK" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor@xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$ZONE.signed You deleted them all further up. > #Sign the zone > cd $ZONEDIR Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere. > dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000 > -f $ZONE.signed $ZONEDIR/$ZONE.zone $ZSKDIR/K$ZONE.*.key >> $LOG > > #Set the correct permissions > chown named.named $ZONEDIR/*.signed > chmod 755 $ZONEDIR/*.signed > sleep 5 > done > rm -rf $ZONEDIR/named.zone > > echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des > Servers" >> $LOG echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung > abgeschlossen auf xxx" $MAILREC > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > -- Tony Mountifield Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos