[nycphp-talk] PHP script to manipulate Cron (continued)
hans at nyphp.org
Tue Aug 26 14:48:08 EDT 2003
tom at supertom.com wrote:
> Ok, I have the interface and class file working, so I can add entries to the
> webservers cron (thanks guys!). But now....
> Anyone have any good ideas about a safe and organized way to have these cron
> entries be entered under their own users? I have access to
> username/passwords of the accounts if that helps.
Needless to say, this is risky business. You could use su/sudo to execute commands as other users, which would let you add/change/delete their cronjobs. Or, you could su commands as root, which would let you inject cronjobs as other users, but then your webserver is doing stuff as root. If we're talking Apache, which I'm sure we are :) there's suEXEC, which if setup properly can be pretty safe. Also, maybe if you're running PHP as CGI, you could play with permissions and so forth like that. I've also written local daemons that run as root and listen for requests from the webserver to execute a very limited set of commands - this is probably safe, but a pain in the neck to do.
There isn't really any nice way of doing, AFAIK, and I'd see if there's an architectural change possible, to avoid doing it at all. Maybe just have one cronjob running as root that wakes up on a regular interval and queries a MySQL table or some /flat files/lock files/queue directory/ for what needs to be done?
More information about the talk