Problem Description
I have a script inside my htdocs that I want executed every night. It needs execute permissions. But every night the Sympl cron seems to change all the permissions so that the script is 644 and not executable.
I assume that Sympl runs a cron job but when I run crontab -e as user sympl or sudo I can’t see anything.
Does anyone know what can I do about this?
Any Error Messages
replace this text with messages or log entries
Environment
- Sympl Version [9.0/10.0]:
- Sympl Testing Version? [No]
- Debian Version [Bullseye]:
- Hardware Type? [Virtual]
- Hosted On? [iomart.io]
This is sympl-filesystem-security working to keep your system secure. It’s a shell script on /sbin so you can see what it’s doing. I would recommend changing your cron entry to explicitly call your script with /bin/sh.
There may be other options of course.
PS. It’s not a good idea to alter the sympl-filesystem-security because then you’ll have to worry about what happens when it’s updated.
1 Like
You can disable the permissions changes by creating the file /srv/example.com/config/disable-filesystem-security which will then skip any filesystem security changes, but you can end up with possible security issues that way.
Having execute bits on things in the webroot is a minor risk (after all, if something is able to execute stuff there, you’ve probably already got other problems) but as @pcollinson mentions, best practice would be to have the cron execute it directly.
I’ll mull it over, I’ve learnt something, but may be my script wasn’t meant to be.
Thanks all for you help.
You could always store the script elsewhere. I’ve created a /srv//private folder for this purpose in the past.
Andy
Same here, I created /srv/example.com/scripts but same principle. It doesn’t have to be in public/htdocs unless it’s going to be run by the web server.
I did want it run by the web server. I wanted to rewrite a page every day automatically with information gleaned from somewhere.
Thanks.