Hi,
Alexander Klimetschek schrieb:
> On Fri, Dec 19, 2008 at 2:18 PM, Felix Meschberger <[email protected]> wrote:
>> Yes, exactly. It is just like in unix, where we rely on the correct
>> system setup.
>
> Not exactly. To cite Bertrand:
>
> Unixish systems solve this by using the identity of the user who owns
> the script (unless the setuid flag is set), and enforcing the way this
> identity can be set - but we don't have that kind of feature in JCR,
> or do we?
Really, so then we have be slightly different:
<cron_root>
+--- admin
+---- crontab of admin
+--- xyz
+---- crontab of user xyz
And administration will have to make sure the respective "folders" are
only writeable by the respective user. Alternatively, a management API
may be defined, which helps manage the contents similar to the "crontab"
binary:
* ensures that only the owner may write her crontab
* writes the crontab itself as admin
Then access to <cron_root> would be limited to the admin.
Finally the events are actaually executed as the crontab owner user.
The thing with the hourly etc. stuff is IIUC reserved to root anyway,
right ?
Regards
Felix
