From 8a1b02f874b60669ac32d0c185b5c1960a08c802 Mon Sep 17 00:00:00 2001 From: RobQuistNL Date: Fri, 29 Aug 2014 09:20:48 +0200 Subject: [PATCH 1/2] Update sudo cron documentation --- lib/cron/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/cron/README.md b/lib/cron/README.md index 0c33665..c1b57e5 100644 --- a/lib/cron/README.md +++ b/lib/cron/README.md @@ -48,3 +48,12 @@ The cron targets use some global project properties to know which cron files sho ## Dependencies ## A Cron program installed on the server + +### Sudocron ### +Some servers require the root user to manage files in the /etc/cron.d directories (depending on OS). When using the cron.sudo option some targets will execute the "sudo" command. To prevent the sudo command from asking password, you could edit the sudoers file to support certain commands; +``` +deployusername ALL=NOPASSWD:/bin/rm /etc/cron.d/* +deployusername ALL=NOPASSWD:/bin/cp /deploy/folder/root/* /etc/cron.d/* +``` + +This allows the rm and cp commands into the right directories. Please note that this wildcard still allows for "../" to be filled in and potentially creating a security risk, but we're not covering that here. \ No newline at end of file From b869b0cb11fef32a5c0650c4c8d770775edf7892 Mon Sep 17 00:00:00 2001 From: Rob Quist Date: Fri, 29 Aug 2014 09:21:35 +0200 Subject: [PATCH 2/2] Update README.md --- lib/cron/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cron/README.md b/lib/cron/README.md index c1b57e5..d465761 100644 --- a/lib/cron/README.md +++ b/lib/cron/README.md @@ -50,10 +50,10 @@ The cron targets use some global project properties to know which cron files sho A Cron program installed on the server ### Sudocron ### -Some servers require the root user to manage files in the /etc/cron.d directories (depending on OS). When using the cron.sudo option some targets will execute the "sudo" command. To prevent the sudo command from asking password, you could edit the sudoers file to support certain commands; +Some servers require the root user to manage files in the /etc/cron.d directories (depending on OS). When using the cron.sudo option some targets will execute the "sudo" command. To prevent the sudo command from asking password, you could edit the sudoers file (use `visudo` for this) to support certain commands; ``` deployusername ALL=NOPASSWD:/bin/rm /etc/cron.d/* deployusername ALL=NOPASSWD:/bin/cp /deploy/folder/root/* /etc/cron.d/* ``` -This allows the rm and cp commands into the right directories. Please note that this wildcard still allows for "../" to be filled in and potentially creating a security risk, but we're not covering that here. \ No newline at end of file +This allows the rm and cp commands into the right directories. Please note that this wildcard still allows for "../" to be filled in and potentially creating a security risk, but we're not covering that here.