Hi Lars Trieloff schrieb: > I think admin is a good start. In Linux these scripts are usually run > under the permissions of root, and are writeable by wheel, which is in > fact, quite secure. In the future we might think about adding > user-cron-dirs, just like we have user-specfic crontabs.
Which is what I just proposed in the issue ;-) And I agree, that the /etc/cron.d scripts should be run as admin, where special access rights (just like in *nix) should restrict who is allowed to create entries. Regards Felix > > regards, > > Lars > > On Thu, Dec 18, 2008 at 5:47 PM, Bertrand Delacretaz > <[email protected]> wrote: >> Hi, >> >> On Thu, Dec 18, 2008 at 5:25 PM, Lars Trieloff (JIRA) <[email protected]> >> wrote: >>> Key: SLING-788 >>> ...I would like to be able to script scheduled events in an easy fashion >>> that works just like >>> the /etc/cron.d/ directory on my Linux server: I put a shell script into >>> /etc/cron.d/daily and it >>> will get executed once a day.... >> I like the idea, and scripts might also be activated as JCR >> observation listeners by saving them in a specific location. >> >> One problem is, which user identity do those scripts run under? >> >> Running them as admin is a security risk if a non-admin user is >> allowed to write them. >> >> Making the "event scripts" tree writable by admin only makes things >> safe but limited. >> >> Unixish systems solve this by using the identity of the user who owns >> the script (unless the setuid flag is set), and enforcing the way this >> identity can be set - but we don't have that kind of feature in JCR, >> or do we? >> >> -Bertrand >> >
