ISConfig's handling of CRON jobs - explanation please

Discussion in 'General' started by manarak, May 30, 2015.

  1. manarak

    manarak Member

    Okay, I have a PHP file in the CGI-BIN directory in a client account.
    I used the ISPConfig panel to setup a cron job, and I typed in the following command:
    /usr/bin/php /var/www/clients/client2/web3/cgi-bin/test.php

    the command is shown in syslog:
    (web3) CMD (/usr/bin/php /var/www/clients/client2/web3/cgi-bin/test.php #domain.com)
    (CRON) Error (grandchild ###### exited with exit status 17)

    ISPConfig runs with jailed client accounts.

    Is there any chance to be able to add cron jobs via ISPConfig panel or will I always have to use the root account to add them via SSH with crontab ?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Why did you put a .php file in cgi-bin? If you want to run a php file with cron, put it in the web directory and then enter http://yourdomain.rld/test.php in the command field of the cronjob in ispconfig.
     
  3. manarak

    manarak Member

    because I don't want the script to be run on demand by any visitor
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    But when you put it in cgi-bin, your visitor can run it as well. If you dont want it to be accessible by the visitor, then you have to put it e.g into the private folder.

    You have these options:

    1) Put the script in the web folder and run it by http://.... URL cron. As protection you can e.g. add a get parameter that only you know e.g.:
    http://yourdomain.rld/test.php?secret=12345
    ain in your script add the line:

    if($_GET['secret'] != '12345') die('direct access not allowed');

    2) Set the cron to "Full cron" in client settings before you create the cronjob and put the script into the private folder and use the cron command:

    /usr/bin/php /var/www/clients/client2/web3/private/test.php

    3) Set the cron type to jailed cron in client settings, then create the cronjob as in 2) and add php to the jail wth jk_cp command, so that /usr/bin/php command exists inside the jail.
     
    jjsjjs and manarak like this.
  5. manarak

    manarak Member

    thanks for the tips!
    one thing I would really like to know however, is how a HTTP visitor can run a script that is inside the cgi-bin directory and therefore not reachable by brower?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    As soon as you enable cgi support, then the cgi- bin directory is reachable trough the website by http.
     
  7. manarak

    manarak Member

  8. till

    till Super Moderator Staff Member ISPConfig Developer

  9. radim_h

    radim_h Member HowtoForge Supporter

    You can simply make the script not accessible on webpage by .htaccess file like this:
    <Files cron.php>
    Order Deny,Allow
    Deny from All
    </Files>
     
  10. manarak

    manarak Member

    Thank you.
    I got a feeling the CRON jobs are still an area of ispconfig that could use some more clarity and hand-holding
     

Share This Page