[nycphp-talk] PHP script to manipulate Cron (continued)
tom at supertom.com
tom at supertom.com
Tue Aug 26 15:10:59 EDT 2003
"here isn't really any nice way of doing, AFAIK, and I'd see if there's an
architectural change possible, to avoid doing it at all. Maybe just have
one cronjob running as root that wakes up on a regular interval and queries
a MySQL table or some /flat files/lock files/queue directory/ for what needs
to be done?"
Yup, we just talked about it here - and that's what we are going to do.
Thanks for the help, and see you in 3 1/2 hours (if I don't get lost). :-)
Tom
***************************************************
What's Tom listening to right now? Find out here:
http://www.supertom.com/current_track.php
-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
Sent: Tuesday, August 26, 2003 2:48 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP script to manipulate Cron (continued)
tom at supertom.com wrote:
> Ok, I have the interface and class file working, so I can add entries to
the
> webservers cron (thanks guys!). But now....
>
> Anyone have any good ideas about a safe and organized way to have these
cron
> entries be entered under their own users? I have access to
> username/passwords of the accounts if that helps.
Needless to say, this is risky business. You could use su/sudo to execute
commands as other users, which would let you add/change/delete their
cronjobs. Or, you could su commands as root, which would let you inject
cronjobs as other users, but then your webserver is doing stuff as root. If
we're talking Apache, which I'm sure we are :) there's suEXEC, which if
setup properly can be pretty safe. Also, maybe if you're running PHP as
CGI, you could play with permissions and so forth like that. I've also
written local daemons that run as root and listen for requests from the
webserver to execute a very limited set of commands - this is probably safe,
but a pain in the neck to do.
There isn't really any nice way of doing, AFAIK, and I'd see if there's an
architectural change possible, to avoid doing it at all. Maybe just have
one cronjob running as root that wakes up on a regular interval and queries
a MySQL table or some /flat files/lock files/queue directory/ for what needs
to be done?
H
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list