Running rake task automatically with rights of server?

I have a task that I would like to have run automatically throughout the
day without user intervention (guessing I would use a cron job to run a
rake task). It will be reading in an RSS feed and using that data to
update a database. The application is secure, using https and requiring
user certs. So how do you go about having an automated task run with
basically the rights of the server, as opposed to passing in user
credentials?

On Nov 10, 2011, at 11:08 AM, Terri I. wrote:

> I have a task that I would like to have run automatically throughout the
> day without user intervention (guessing I would use a cron job to run a
> rake task). It will be reading in an RSS feed and using that data to
> update a database. The application is secure, using https and requiring
> user certs. So how do you go about having an automated task run with
> basically the rights of the server, as opposed to passing in user
> credentials?


cron tasks run as the user

su - root
crontab -e

su - administrator
crontab -e

2 different crontabs executed as each user

Craig

Craig W. wrote in post #1031292:

> On Nov 10, 2011, at 11:08 AM, Terri I. wrote:
>
> > I have a task that I would like to have run automatically throughout the
> > day without user intervention (guessing I would use a cron job to run a
> > rake task). It will be reading in an RSS feed and using that data to
> > update a database. The application is secure, using https and requiring
> > user certs. So how do you go about having an automated task run with
> > basically the rights of the server, as opposed to passing in user
> > credentials?
>
> cron tasks run as the user
>
> su - root
> crontab -e
>
> su - administrator
> crontab -e
>
> 2 different crontabs executed as each user
>
> Craig

Well, the root or administrator user don’t have X509 certificates that
can be read in. Is there a different way to run code automatically
without requiring user credentials, that can only be called by the
server (such that a user couldn’t hack in by entering the
controller/method in the URL)?
There’s got to be a way of running server-type tasks that you don’t want
users being able to launch. I’m sure I’m missing something simple
here…

On Nov 10, 2011, at 12:45 PM, Terri I. wrote:

> Well, the root or administrator user don’t have X509 certificates that
> can be read in. Is there a different way to run code automatically
> without requiring user credentials, that can only be called by the
> server (such that a user couldn’t hack in by entering the
> controller/method in the URL)?
> There’s got to be a way of running server-type tasks that you don’t want
> users being able to launch. I’m sure I’m missing something simple
> here…

Bypassing the web server was, I’m sure, what was meant by cron; just run a
script, which might or might not be written in Ruby, and might or might
not use ActiveRecord to communicate with the db.


Scott R.
http://www.elevated-dev.com/
(303) 722-0567 voice

On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote:


> > Craig
>
> Well, the root or administrator user don’t have X509 certificates that
> can be read in. Is there a different way to run code automatically
> without requiring user credentials, that can only be called by the
> server (such that a user couldn’t hack in by entering the
> controller/method in the URL)?
> There’s got to be a way of running server-type tasks that you don’t want
> users being able to launch. I’m sure I’m missing something simple
> here…


correct me if any of these assumptions are wrong…

  • everything essentially runs in user space (as some user)

  • generating ‘user certificates’ is under your control

  • you can generate a specific ‘user’ whose sole mission is to run this
    process

  • you have control over the web server and could use ‘deny,allow’
    directives to only allow connections from localhost to that specific URL

  • you have a system capable of running curl

Assuming these things to be true, it should be relatively simple to
create a user, create a cron job for this user that runs a specific curl
script that uses a client certificate to GET/POST a specific URL

Craig
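
The steps listed above (dedicated account, cron job, curl with a client certificate, URL limited to localhost), as an added example that is not part of the original thread. The account name `feedbot`, the file paths, the host `app.example.com`, the path `/feeds/refresh` and the Apache 2.2-style access rules are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: account "feedbot",
# host app.example.com, path /feeds/refresh, files under /home/feedbot.
#
# Server side, assumed Apache 2.2-style access control for that one URL:
#   <Location /feeds/refresh>
#     Order deny,allow
#     Deny from all
#     Allow from 127.0.0.1
#   </Location>
#
# Crontab of the dedicated account (crontab -e as feedbot), every 30 minutes:
#   */30 * * * * /home/feedbot/bin/refresh_feed.sh --run

JOB_USER="feedbot"
HOST="app.example.com"
CERT="/home/feedbot/certs/feedbot.crt"
KEY="/home/feedbot/certs/feedbot.key"
CA="/home/feedbot/certs/ca.crt"
URL="https://$HOST/feeds/refresh"

# Succeeds only if the file exists and group/other have no permissions on it,
# so other local accounts cannot read the job's private key.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds only when the script runs as the named account.
running_as() {
    [ "$(id -un)" = "$1" ]
}

main() {
    running_as "$JOB_USER" || { echo "must run as $JOB_USER" >&2; return 1; }
    key_is_private "$KEY"  || { echo "$KEY is readable by others" >&2; return 1; }
    # --resolve sends the request over loopback while keeping the real host
    # name, so TLS name verification still works and "Allow from 127.0.0.1"
    # matches. --fail gives a non-zero exit on HTTP errors so cron reports it.
    curl --fail --silent --show-error --max-time 60 \
         --resolve "$HOST:443:127.0.0.1" \
         --cert "$CERT" --key "$KEY" --cacert "$CA" \
         --request POST "$URL"
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```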



On 15 November 2011 17:15, Terri I. wrote:

> I do not have the ability to generate a certificate for a ‘non-user’. I
> do not have root/admin privileges to the server but might be able to get
> the admin to set up the deny/allow directives if that would enable me to
> set something up to only allow connections from localhost or whatever
> surrogate user is actually running the cron job.

I don’t understand what you are trying to do here. Are you able to
run a cron task on the server? If so can you not just do what you
need to with a rake task acting directly on the database? Why do you
need to get involved in certificates?

Colin

Craig W. wrote in post #1031362:

> On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote:
>
> > > Craig
> >
> > Well, the root or administrator user don’t have X509 certificates that
> > can be read in. Is there a different way to run code automatically
> > without requiring user credentials, that can only be called by the
> > server (such that a user couldn’t hack in by entering the
> > controller/method in the URL)?
> > There’s got to be a way of running server-type tasks that you don’t want
> > users being able to launch. I’m sure I’m missing something simple
> > here…
>
> correct me if any of these assumptions are wrong…
>
>   • everything essentially runs in user space (as some user)
>
>   • generating ‘user certificates’ is under your control
>
>   • you can generate a specific ‘user’ whose sole mission is to run this
>     process
>
>   • you have control over the web server and could use ‘deny,allow’
>     directives to only allow connections from localhost to that specific URL
>
>   • you have a system capable of running curl
>
> Assuming these things to be true, it should be relatively simple to
> create a user, create a cron job for this user that runs a specific curl
> script that uses a client certificate to GET/POST a specific URL
>
> Craig



I do not have the ability to generate a certificate for a ‘non-user’. I
do not have root/admin privileges to the server but might be able to get
the admin to set up the deny/allow directives if that would enable me to
set something up to only allow connections from localhost or whatever
surrogate user is actually running the cron job.