@dmbaturin should we run all our scripts with such wrapper? (e.g. add it to all places where scripts can be used)

@zsdc Which version are you using? It should be fixed in rc1 already. If you are using rc1 or newer, that means the fix is incomplete.

If you are using 1.1.8, please use sg as @syncer suggests.

@zsdc Ah, sorry, rolling-1028. I'll take a look.

@syncer, thanks for hint. Works with:

[edit]
vyos@vyos# show system task-scheduler 
 task testtask01 {
     crontab-spec @reboot
     executable {
         arguments "vyattacfg /config/scripts/testscript01.script"
         path /usr/bin/sg
     }
 }
[edit]
vyos@vyos#

But this workaround is ugly a little bit (if we want to use arguments for example).
Maybe, better will be if VyOS will do this under the hood, without end-user engagement?

@zsdc Yes, that's the idea. We even have a task about it: T462

The code looks right to me. Could you create a task without the workaround and post relevant crontab line?

@dmbaturin after some thinking about this problem I think that doing sg for all script is not a very good idea. There can be a situations, when we wan't to run it from other groups.
By now, I see two ways:

• add additional parameter to executable option, that will define using script vbash with template or not;
• move setting up right group to /opt/vyatta/etc/functions/script-template.

Second way seems more practical and easy for configuration migrations.

As a workaround could this be added as the first lines of the bash script?
This will check the primary group the script executes via and respawn as the vyattacfg group if it's something else before continuing.

if [ $(id -gn) != vyattacfg ]; then
    exec sg vyattacfg "$0 $*"
fi

NB! the if is necessary because the script should not execute the exec when you respawn as correct group.
You will end in a exec loop if its not there .. :)
i've not tested this on vyos, but have helped me on other systems

@zsdc can you try to reproduce this issue on 1.3 rollings or on 1.2.5? I can't reach this behavior.

I don't see this behavior in VyOS 1.3-rolling-202007270117

set system task-scheduler task test crontab-spec '@reboot'
set system task-scheduler task test executable path '/config/scripts/test.sh'

vyos@r1-roll:~$ sudo cat /config/scripts/test.sh
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template

sleep 30s
configure
set interfaces ethernet eth1 description FOO
commit
exit

Reboot

vyos@r1-roll:~$ show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.122.11/24                 u/u  
eth1             192.168.100.189/24                u/u  FOO


vyos@r1-roll:~$ conf
se[edit]
vyos@r1-roll# set interfaces ethernet eth0 description BAR
[edit]
vyos@r1-roll# commit
[edit]
vyos@r1-roll# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.122.11/24                 u/u  BAR
eth1             192.168.100.189/24                u/u  FOO
lo               127.0.0.1/8                       u/u  
                 ::1/128                                
[edit]
vyos@r1-roll#

@zsdc can we close it?