I have a task that I would like to have run automatically throughout the
day without user intervention (guessing I would use a cron job to run a
rake task). It will be reading in an RSS feed and using that data to
update a database. The application is secure, using https and requiring
user certs. So how do you go about having an automated task run with
basically the rights of the server, as opposed to passing in user
credentials?

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Search Discussions

  • Craig White at Nov 10, 2011 at 6:49 pm

    On Nov 10, 2011, at 11:08 AM, Terri I. wrote:

    I have a task that I would like to have run automatically throughout the
    day without user intervention (guessing I would use a cron job to run a
    rake task). It will be reading in an RSS feed and using that data to
    update a database. The application is secure, using https and requiring
    user certs. So how do you go about having an automated task run with
    basically the rights of the server, as opposed to passing in user
    credentials?
    ----
    cron tasks run as the user

    su - root
    crontab -e

    su - administrator
    crontab -e

    2 different crontabs executed as each user

    Craig

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Terri I. at Nov 10, 2011 at 7:46 pm

    Craig White wrote in post #1031292:
    On Nov 10, 2011, at 11:08 AM, Terri I. wrote:

    I have a task that I would like to have run automatically throughout the
    day without user intervention (guessing I would use a cron job to run a
    rake task). It will be reading in an RSS feed and using that data to
    update a database. The application is secure, using https and requiring
    user certs. So how do you go about having an automated task run with
    basically the rights of the server, as opposed to passing in user
    credentials?
    ----
    cron tasks run as the user

    su - root
    crontab -e

    su - administrator
    crontab -e

    2 different crontabs executed as each user

    Craig

    Well, the root or administrator user don't have X509 certificates that
    can be read in. Is there a different way to run code automatically
    without requiring user credentials, that can only be called by the
    server (such that a user couldn't hack in by entering the
    controller/method in the URL)?
    There's got to be a way of running server-type tasks that you don't want
    users being able to launch. I'm sure I'm missing something simple
    here...

    --
    Posted via http://www.ruby-forum.com/.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Scott Ribe at Nov 10, 2011 at 7:59 pm

    On Nov 10, 2011, at 12:45 PM, Terri I. wrote:

    Well, the root or administrator user don't have X509 certificates that
    can be read in. Is there a different way to run code automatically
    without requiring user credentials, that can only be called by the
    server (such that a user couldn't hack in by entering the
    controller/method in the URL)?
    There's got to be a way of running server-type tasks that you don't want
    users being able to launch. I'm sure I'm missing something simple
    here...
    Bypass the web server was I'm sure what was meant by cron; just run a script, which might or might not be written in Ruby, and might or might not use ActiveRecord to communicate with the db.

    --
    Scott Ribe
    scott_ribe@elevated-dev.com
    http://www.elevated-dev.com/
    (303) 722-0567 voice




    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Craig White at Nov 11, 2011 at 2:55 am

    On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote:
    Craig White wrote in post #1031292:
    On Nov 10, 2011, at 11:08 AM, Terri I. wrote:

    I have a task that I would like to have run automatically throughout the
    day without user intervention (guessing I would use a cron job to run a
    rake task). It will be reading in an RSS feed and using that data to
    update a database. The application is secure, using https and requiring
    user certs. So how do you go about having an automated task run with
    basically the rights of the server, as opposed to passing in user
    credentials?
    ----
    cron tasks run as the user

    su - root
    crontab -e

    su - administrator
    crontab -e

    2 different crontabs executed as each user

    Craig

    Well, the root or administrator user don't have X509 certificates that
    can be read in. Is there a different way to run code automatically
    without requiring user credentials, that can only be called by the
    server (such that a user couldn't hack in by entering the
    controller/method in the URL)?
    There's got to be a way of running server-type tasks that you don't want
    users being able to launch. I'm sure I'm missing something simple
    here...
    ----
    correct me if any of these assumptions are wrong...

    - everything essentially runs in user space (as some user)

    - generating 'user certificates' is under your control

    - you can generate a specific 'user' whose sole mission is to run this
    process

    - you have control over the web server and could use 'deny,allow'
    directives to only allow connections from localhost to that specific URL

    - you have a system capable of running curl

    Assuming these things to be true, it should be relatively simple to
    create a user, create a cron job for this user that runs a specific curl
    script that uses a client certificate to GET/POST a specific URL

    Craig


    --
    This message has been scanned for viruses and
    dangerous content by MailScanner, and is
    believed to be clean.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Terri I. at Nov 15, 2011 at 5:16 pm

    Craig White wrote in post #1031362:
    On Thu, 2011-11-10 at 20:45 +0100, Terri I. wrote:
    ----
    Craig

    Well, the root or administrator user don't have X509 certificates that
    can be read in. Is there a different way to run code automatically
    without requiring user credentials, that can only be called by the
    server (such that a user couldn't hack in by entering the
    controller/method in the URL)?
    There's got to be a way of running server-type tasks that you don't want
    users being able to launch. I'm sure I'm missing something simple
    here...
    ----
    correct me if any of these assumptions are wrong...

    - everything essentially runs in user space (as some user)

    - generating 'user certificates' is under your control

    - you can generate a specific 'user' whose sole mission is to run this
    process

    - you have control over the web server and could use 'deny,allow'
    directives to only allow connections from localhost to that specific URL

    - you have a system capable of running curl

    Assuming these things to be true, it should be relatively simple to
    create a user, create a cron job for this user that runs a specific curl
    script that uses a client certificate to GET/POST a specific URL

    Craig


    --
    This message has been scanned for viruses and
    dangerous content by MailScanner, and is
    believed to be clean.

    I do not have the ability to generate a certificate for a 'non-user'. I
    do not have root/admin privileges to the server but might be able to get
    the admin to set up the deny/allow directives if that would enable me to
    set something up to only allow connections from localhost or whatever
    surrogate user is actually running the cron job.

    --
    Posted via http://www.ruby-forum.com/.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Colin Law at Nov 15, 2011 at 5:23 pm

    On 15 November 2011 17:15, Terri I. wrote:
    I do not have the ability to generate a certificate for a 'non-user'.  I
    do not have root/admin privileges to the server but might be able to get
    the admin to set up the deny/allow directives if that would enable me to
    set something up to only allow connections from localhost or whatever
    surrogate user is actually running the cron job.
    I don't understand what you are trying to do here. Are you able to
    run a cron task on the server? If so can you not just do what you
    need to with a rake task acting directly on the database? Why do you
    need to get involved in certificates?

    Colin

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
categoriesrubyonrails
postedNov 10, '11 at 6:08p
activeNov 15, '11 at 5:23p
posts7
users5
websiterubyonrails.org
irc#RubyOnRails

People

Translate

site design / logo © 2022 Grokbase