I have a task that I would like to have run automatically throughout the day without user intervention (guessing I would use a cron job to run a rake task). It will be reading in an RSS feed and using that data to update a database. The application is secure, using https and requiring user certs. So how do you go about having an automated task run with basically the rights of the server, as opposed to passing in user credentials? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Craig White
2011-Nov-10 18:49 UTC
Re: Running rake task automatically with rights of server?
On Nov 10, 2011, at 11:08 AM, Terri I. wrote:> I have a task that I would like to have run automatically throughout the > day without user intervention (guessing I would use a cron job to run a > rake task). It will be reading in an RSS feed and using that data to > update a database. The application is secure, using https and requiring > user certs. So how do you go about having an automated task run with > basically the rights of the server, as opposed to passing in user > credentials?---- cron tasks run as the user su - root crontab -e su - administrator crontab -e 2 different crontabs executed as each user Craig -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Craig White wrote in post #1031292:> On Nov 10, 2011, at 11:08 AM, Terri I. wrote: > >> I have a task that I would like to have run automatically throughout the >> day without user intervention (guessing I would use a cron job to run a >> rake task). It will be reading in an RSS feed and using that data to >> update a database. The application is secure, using https and requiring >> user certs. So how do you go about having an automated task run with >> basically the rights of the server, as opposed to passing in user >> credentials? > ---- > cron tasks run as the user > > su - root > crontab -e > > su - administrator > crontab -e > > 2 different crontabs executed as each user > > CraigWell, the root or administrator user don''t have X509 certificates that can be read in. Is there a different way to run code automatically without requiring user credentials, that can only be called by the server (such that a user couldn''t hack in by entering the controller/method in the URL)? There''s got to be a way of running server-type tasks that you don''t want users being able to launch. I''m sure I''m missing something simple here... -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Scott Ribe
2011-Nov-10 19:59 UTC
Re: Re: Running rake task automatically with rights of server?
On Nov 10, 2011, at 12:45 PM, Terri I. wrote:> Well, the root or administrator user don''t have X509 certificates that > can be read in. Is there a different way to run code automatically > without requiring user credentials, that can only be called by the > server (such that a user couldn''t hack in by entering the > controller/method in the URL)? > There''s got to be a way of running server-type tasks that you don''t want > users being able to launch. I''m sure I''m missing something simple > here...Bypass the web server was I''m sure what was meant by cron; just run a script, which might or might not be written in Ruby, and might or might not use ActiveRecord to communicate with the db. -- Scott Ribe scott_ribe-ZCQMRMivIIdUL8GK/JU1Wg@public.gmane.org http://www.elevated-dev.com/ (303) 722-0567 voice -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Craig White
2011-Nov-11 02:51 UTC
Re: Re: Running rake task automatically with rights of server?
On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote:> Craig White wrote in post #1031292: > > On Nov 10, 2011, at 11:08 AM, Terri I. wrote: > > > >> I have a task that I would like to have run automatically throughout the > >> day without user intervention (guessing I would use a cron job to run a > >> rake task). It will be reading in an RSS feed and using that data to > >> update a database. The application is secure, using https and requiring > >> user certs. So how do you go about having an automated task run with > >> basically the rights of the server, as opposed to passing in user > >> credentials? > > ---- > > cron tasks run as the user > > > > su - root > > crontab -e > > > > su - administrator > > crontab -e > > > > 2 different crontabs executed as each user > > > > Craig > > > Well, the root or administrator user don''t have X509 certificates that > can be read in. Is there a different way to run code automatically > without requiring user credentials, that can only be called by the > server (such that a user couldn''t hack in by entering the > controller/method in the URL)? > There''s got to be a way of running server-type tasks that you don''t want > users being able to launch. I''m sure I''m missing something simple > here...---- correct me if any of these assumptions are wrong... - everything essentially runs in user space (as some user) - generating ''user certificates'' is under your control - you can generate a specific ''user'' whose sole mission is to run this process - you have control over the web server and could use ''deny,allow'' directives to only allow connections from localhost to that specific URL - you have a system capable of running curl Assuming these things to be true, it should be relatively simple to create a user, create a cron job for this user that runs a specific curl script that uses a client certificate to GET/POST a specific URL Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Terri I.
2011-Nov-15 17:15 UTC
Re: Re: Running rake task automatically with rights of server?
Craig White wrote in post #1031362:> On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote: >> > ---- >> > Craig >> >> >> Well, the root or administrator user don''t have X509 certificates that >> can be read in. Is there a different way to run code automatically >> without requiring user credentials, that can only be called by the >> server (such that a user couldn''t hack in by entering the >> controller/method in the URL)? >> There''s got to be a way of running server-type tasks that you don''t want >> users being able to launch. I''m sure I''m missing something simple >> here... > ---- > correct me if any of these assumptions are wrong... > > - everything essentially runs in user space (as some user) > > - generating ''user certificates'' is under your control > > - you can generate a specific ''user'' whose sole mission is to run this > process > > - you have control over the web server and could use ''deny,allow'' > directives to only allow connections from localhost to that specific URL > > - you have a system capable of running curl > > Assuming these things to be true, it should be relatively simple to > create a user, create a cron job for this user that runs a specific curl > script that uses a client certificate to GET/POST a specific URL > > Craig > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean.I do not have the ability to generate a certificate for a ''non-user''. I do not have root/admin privileges to the server but might be able to get the admin to set up the deny/allow directives if that would enable me to set something up to only allow connections from localhost or whatever surrogate user is actually running the cron job. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Colin Law
2011-Nov-15 17:22 UTC
Re: Re: Re: Running rake task automatically with rights of server?
On 15 November 2011 17:15, Terri I. <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> > I do not have the ability to generate a certificate for a ''non-user''. I > do not have root/admin privileges to the server but might be able to get > the admin to set up the deny/allow directives if that would enable me to > set something up to only allow connections from localhost or whatever > surrogate user is actually running the cron job.I don''t understand what you are trying to do here. Are you able to run a cron task on the server? If so can you not just do what you need to with a rake task acting directly on the database? Why do you need to get involved in certificates? Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.