Skip to content
Snippets Groups Projects
Commit 35183510 authored by Patrick Radtke's avatar Patrick Radtke
Browse files

cron cli: check if posix_getuid exists. Update documentation

parent 530acfb2
No related branches found
No related tags found
No related merge requests found
...@@ -21,7 +21,7 @@ if (!SimpleSAML\Module::isModuleEnabled('cron')) { ...@@ -21,7 +21,7 @@ if (!SimpleSAML\Module::isModuleEnabled('cron')) {
} }
$options = getopt("t:"); $options = getopt("t:");
if (posix_getuid() === 0) { if (function_exists('posix_getuid') && posix_getuid() === 0) {
echo "Running as root is discouraged. Some cron jobs will generate files that would have the wrong ownership.\n"; echo "Running as root is discouraged. Some cron jobs will generate files that would have the wrong ownership.\n";
echo 'Suggested invocation: su -s "/bin/sh" -c "php /var/simplesamlphp/modules/cron/bin/cron.php -t hourly" apache'; echo 'Suggested invocation: su -s "/bin/sh" -c "php /var/simplesamlphp/modules/cron/bin/cron.php -t hourly" apache';
exit(3); exit(3);
......
...@@ -47,9 +47,17 @@ here is a random key available to no one but you. Additionally, make ...@@ -47,9 +47,17 @@ here is a random key available to no one but you. Additionally, make
sure that you include here the appropriate tags - for example any tags sure that you include here the appropriate tags - for example any tags
that you previously told metarefresh to use in the `cron` directive. that you previously told metarefresh to use in the `cron` directive.
Triggering Cron via HTTP Triggering Cron
--------------------------- ---------------------------
You can trigger the cron hooks through HTTP or CLI. The HTTP method
is the original technique, and it is recommended if you don't need to
trigger CPU or memory intensive cron hooks. The CLI option is
recommended if you need more control over memory, CPU limits and
process priority.
### With HTTP
`cron` functionality can be invoked by making an HTTP request to the `cron` functionality can be invoked by making an HTTP request to the
cron module. Use your web browser to go to cron module. Use your web browser to go to
`https://YOUR_SERVER/simplesaml/module.php/cron/croninfo.php`. Make `https://YOUR_SERVER/simplesaml/module.php/cron/croninfo.php`. Make
...@@ -80,3 +88,35 @@ follow the appropriate links to execute the cron jobs you want. The ...@@ -80,3 +88,35 @@ follow the appropriate links to execute the cron jobs you want. The
page will take a while loading, and eventually show a blank page. page will take a while loading, and eventually show a blank page.
### With CLI
You can invoke cron functionality by running
`/var/simplesamlphp/modules/cron/bin/cron.php` and providing a tag
with the `-t ` argument.
It is strongly recommended that you run the cron cli script as the
same user as the web server. Several cron hooks created files and
those files may have the wrong permissions if you run the job as root.
**note:** Logging behavior in SSP when running from CLI varies by
version. The latest version logs to PHP's error log and ignores any
logging configuration from `config.php`
Below is an example of invoking the script. It will:
* Run a command as the `apache` user
* `-s` specifies `apache` user's shell, since the default is non-interactive
* Override INI entries to increase memory and execution time.
* This allows for processing large metadata files in metarefresh
* Run the `cron.php` script with the `hourly` tag
* Use `nice` to lower the priority below that of web server processes
```bash
su -s "/bin/sh" \
-c "nice -n 10 \
php -d max_execution_time=120 -d memory_limit=600M \
/var/simplesamlphp/modules/cron/bin/cron.php -t hourly" \
apache
```
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment