[Koha-bugs] [Bug 1993] Task Scheduler Needs Re-write

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri May 17 10:34:23 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=1993

--- Comment #33 from M. de Rooy <m.de.rooy at rijksmuseum.nl> ---
Katrin:
Just another observation. I set my SELinux temporarily to Permissive. I can add
a job, but there is another security issue.
At job run time, I receive the mail: This account is currently not available.
Why? Because my apache user is not allowed to login. So the job cannot be run,
although it is allowed via at.allow etc.

This brings me to a more important question: Should we encourage Koha users to
allow login for apache user to make use of the Task Scheduler? Note that is a
general Apache hardening measure to not allow interactive login for the apache
user. IMO we (as Koha developers) should not stimulate Koha users to lower
security barriers to enable Koha functionality.

Another approach to the Task Scheduler could be to have a specific cronjob,
look for Koha reports to run at specified times without allowing apache to add
generic jobs with all security risks attached..

Moving this report to In Discussion. Will send a mail to the dev list.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.


More information about the Koha-bugs mailing list