What is your opinion on this security issue? See http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=1993
Thx for your time, Marcel --- Comment #33 from M. de Rooy <[email protected]> --- Katrin: Just another observation. I set my SELinux temporarily to Permissive. I can add a job, but there is another security issue. At job run time, I receive the mail: This account is currently not available. Why? Because my apache user is not allowed to login. So the job cannot be run, although it is allowed via at.allow etc. This brings me to a more important question: Should we encourage Koha users to allow login for apache user to make use of the Task Scheduler? Note that is a general Apache hardening measure to not allow interactive login for the apache user. IMO we (as Koha developers) should not stimulate Koha users to lower security barriers to enable Koha functionality. Another approach to the Task Scheduler could be to have a specific cronjob, look for Koha reports to run at specified times without allowing apache to add generic jobs with all security risks attached.. Moving this report to In Discussion. Will send a mail to the dev list. _______________________________________________ Koha-devel mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
