Loomio
Fri 30 Jan 2015 6:13PM

Cron jobs running as root

mc0e

At the bottom of https://github.com/loomio/loomio/wiki/Install-Dokku there's a recommendation to set up a number of cron jobs which run as root. This seems less than ideal, effectively giving root access on the dokku host to the loomio app.

What permissions are actually required here? Should this run as the deploy user?


Robert Guthrie Sun 1 Feb 2015 9:07PM

Yea. It's less than ideal.

Would be happy for you to come up with a way to do it as deploy user, but I was unable to.


mc0e Fri 6 Feb 2015 3:38PM

I'm perhaps less concerned by the jobs running as root than I am by the fact that the deploy user gets to upload a rakefile that gets run by root. There's absolutely no point in having a deploy user, or a password for using sudo in this case.

Surely the jobs loomio needs to have run are things that should run inside the container? A few solutions come to mind.

  • A cron job running outside the container can launch tasks inside the container using dokku exec.
  • A cron daemon could be inserted into the container. Many will cry that this is "not the dokku way", but it does appear quite viable. e.g. see https://phusion.github.io/baseimage-docker/
  • An unprivileged job running outside the container could hit a web url regularly, which kicks off the required periodic tasks.
  • A poor-man's-cron approach could be taken where normal web handling includes a check to see if it's time to run the next cron, and jobs start from there. For a very quiet site, this might require some intervention to make sure enough hits happen. Using a service like Pingdom is one way to achieve that, and the monitoring is likely useful as well.

I haven't looked closely at what these jobs entail. What does need to happen outside the container? I can imagine something like automatic updates being a good candidate for running outside the container.
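An added example, not part of the thread or of Loomio's documentation: a check for the concern raised above, that root's cron jobs run files an unprivileged user such as deploy can change. It assumes a user-format root crontab (no user column); the crontab lines, paths, task name, uid 1001 and the `stat_fn` parameter are constructed for illustration.

```python
import os, stat
from types import SimpleNamespace

def cron_commands(text):
    """Yield the command of each job line in a user-format crontab (no user column)."""
    for line in map(str.strip, text.splitlines()):
        n = 1 if line.startswith("@") else 5      # "@daily cmd" or five time fields
        fields = line.split(None, n)
        if not line.startswith("#") and len(fields) == n + 1:
            yield fields[n]

def untrusted_writers(path, trusted_uids=(0,), stat_fn=os.stat):
    """List each component of `path` that an untrusted user could edit or replace."""
    reasons, current = [], os.path.normpath(path)
    while True:
        try:
            info = stat_fn(current)
            sticky = stat.S_ISDIR(info.st_mode) and info.st_mode & stat.S_ISVTX
            if info.st_uid not in trusted_uids:
                reasons.append(f"{current}: owned by uid {info.st_uid}")
            elif info.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky:
                reasons.append(f"{current}: group- or world-writable")
        except OSError:
            reasons.append(f"{current}: cannot stat")
        if current == os.path.dirname(current):   # reached "/"
            return reasons
        current = os.path.dirname(current)

def audit_root_crontab(text, trusted_uids=(0,), stat_fn=os.stat):
    """Map each job command to the path components root does not exclusively control."""
    findings = {}
    for command in cron_commands(text):
        for token in (t.strip("'\";") for t in command.split()):
            reasons = untrusted_writers(token, trusted_uids, stat_fn) if token.startswith("/") else []
            if reasons:
                findings.setdefault(command, []).extend(reasons)
    return findings

# Constructed sample: a root crontab plus fake ownership data (uid 1001 stands for "deploy").
SAMPLE_CRONTAB = ("MAILTO=root\n0 * * * * cd /home/deploy/app && /usr/local/bin/rake example:hourly\n"
                  "@daily /usr/bin/find /tmp -mtime +7 -delete\n")
SAMPLE_FS = {p: (0, 0o40755) for p in ("/", "/usr", "/usr/bin", "/usr/local", "/usr/local/bin", "/home")}
SAMPLE_FS.update({"/usr/bin/find": (0, 0o100755), "/usr/local/bin/rake": (0, 0o100755), "/tmp": (0, 0o41777)})
SAMPLE_FS.update({p: (1001, 0o40755) for p in ("/home/deploy", "/home/deploy/app")})

def sample_stat(path):  # stand-in for os.stat that answers from SAMPLE_FS
    if path not in SAMPLE_FS:
        raise FileNotFoundError(path)
    return SimpleNamespace(st_uid=SAMPLE_FS[path][0], st_mode=SAMPLE_FS[path][1])
```

With the default `stat_fn=os.stat` the same functions inspect the live filesystem. Symlinks are followed without walking the target's parent directories, and device paths such as /dev/null are reported as world-writable.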


Robert Guthrie Sat 7 Feb 2015 2:07AM

I really appreciate your concerns that are raised, but I feel like I need to let you know that I'm (me, personally) not going to be spending time on resolving this issue right now.

The documentation is just the best I could do at the time, as a suggested, easy way to set up cron jobs that Loomio needs.

I want to spend the next month entirely focused on feature development and the most I'm willing to do at this stage is acknowledge that this is not the very best in terms of security, and welcome tested and working changes to the documentation, as well as discussion from other people with dev ops experience.

Sorry again, but I could easily spend a few days on this and I feel like my time is best spent/desperately needed in angularjs development right now.


Robert Guthrie Sun 8 Feb 2015 4:29AM

I feel like I was a bit harsh in my last comment. If you felt not good about reading it then I apologise.

I think a better way of putting it is that I'm both out of my depth on detailed system admin knowledge and finding it hard to prioritise researching anything better, given that it's not an immediately insecure setup and it seems like such an easy way for someone to contribute and help improve the Loomio installation experience.

I'm happy to put in small amounts of time to help improve this area of the docs but I really need someone to lead with a better solution.