security issue with the syslog for moodle

by Mahmood Naderan -
Number of replies: 3

Hi,

Looking at the output of /var/log/syslog, I see

Sep 13 23:24:02 ce sm-mta[29338]: v8DIs2nc029337: to=armin, ctladdr=<root@oursite> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=38530, dsn=2.0.0, stat=Sent
Sep 13 23:25:01 ce CRON[29422]: (root) CMD (curl http://oursite/courses/admin/cron.php?password=****)

where **** is the plain text of the password! How can that be avoided?

In reply to Mahmood Naderan

Re: security issue with the syslog for moodle

by Ken Task -

Kinda created your own security concern ... first ... who can get to syslog? I would hope only root/users on the moodle server. But by forwarding root email to a user off the server ... now the mail is in another mail server and under another user's control.

Solutions? ....

1. Never forward root email to another user off the server. Use ssh and alpine (a text-based MTA) to check root mail. Of course that will soon slide off the list of things to do, and the root inbox could build up to fill the hard drive if limits are not set in sendmail/postfix.

Use another tool ... like Webmin ... that has other handy modules for admin of a Linux server. One tool ... read user mail ... i.e., root's mail.

Set up another bash shell script to check the size of the root inbox and, if over 40 Megs, remove it. But then you have no history of where Moodle cron/task might have gone south (the ole 'catch 22').

2. Investigate the 'quiet' option to the curl command.

If #2, then #3: use (pipe) | tee to log the output of curl to a moodlecron.log, which would also be rotated by logrotate. Now you just have to remember to check the logs from time to time.

So you have options and no code need be changed. ;)

'spirit of sharing', Ken

In reply to Ken Task

Re: security issue with the syslog for moodle

by Dan Marsden -

...or you could stop using http to trigger your cron via the web and call it on the command line of your server, which doesn't use the password at all and is generally the better way to do it.

https://docs.moodle.org/en/Cron#Setting_up_cron_on_your_system
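An added example, not from the forum thread or the Moodle project, that ties Ken's "check the logs" suggestion to Dan's CLI advice. One caveat a practitioner should know: the password in the question is leaked by cron itself, which writes the scheduled command string to syslog as the CRON "CMD (...)" line, so curl's quiet/silent flags change only curl's output, not that line; the only fix is to take the secret out of the command, which is what the CLI cron.php does. The script below is POSIX sh; it scans syslog-style lines for cron commands carrying a credential-looking query parameter, redacts such values before logs are forwarded or shared, and shows the CLI crontab entry. The log lines, hostname, password value and Moodle path are constructed for the example.

```shell
#!/bin/sh
# Added example (not the thread's or Moodle's own code).
# Constructed sample of /var/log/syslog lines; "hunter2" and /path/to/moodle
# are placeholders, not real values from the page.
SAMPLE_SYSLOG='Sep 13 23:24:02 ce sm-mta[29338]: v8DIs2nc029337: to=armin, ctladdr=<root@oursite> (0/0), mailer=local, stat=Sent
Sep 13 23:25:01 ce CRON[29422]: (root) CMD (curl http://oursite/courses/admin/cron.php?password=hunter2)
Sep 13 23:30:01 ce CRON[29500]: (www-data) CMD (/usr/bin/php /path/to/moodle/admin/cli/cron.php > /dev/null)'

# Print every CRON "CMD (...)" line whose command carries a credential-looking
# URL query parameter. Reads stdin, so it can be run as:
#   find_leaked_cron_secrets < /var/log/syslog
# Exit status follows grep: 0 when a leak was found, 1 when none.
find_leaked_cron_secrets() {
    grep -E 'CRON\[[0-9]+\]: \([^)]+\) CMD \(.*[?&](password|passwd|token|key)='
}

# Count leaking lines in the constructed sample (used by the checks below).
count_leaked_cron_secrets() {
    printf '%s\n' "$SAMPLE_SYSLOG" | find_leaked_cron_secrets | wc -l | tr -d ' '
}

# Mask the value of credential-looking query parameters so a log can be
# forwarded (e.g. by root's mail) without carrying the secret along.
redact_query_secrets() {
    sed -E 's/([?&](password|passwd|token|key)=)[^& )]*/\1****/g'
}

# The CLI alternative Dan points to: a system crontab entry (the sixth field is
# the user) that runs Moodle's CLI cron, so no password appears in the command
# and therefore none in the CRON syslog line. Path and user are assumptions.
cli_cron_entry() {
    printf '%s\n' '* * * * * www-data /usr/bin/php /path/to/moodle/admin/cli/cron.php > /dev/null'
}

# Stand-alone demo: show the leaking line, then its redacted form, then the
# replacement crontab entry.
printf '%s\n' "$SAMPLE_SYSLOG" | find_leaked_cron_secrets
printf '%s\n' "$SAMPLE_SYSLOG" | find_leaked_cron_secrets | redact_query_secrets
cli_cron_entry
```

Run it against the real file with `find_leaked_cron_secrets < /var/log/syslog`; a non-empty result means a scheduled job is still passing a secret on its command line and should be moved to the CLI form, since redaction only cleans copies of the log, not the job that keeps writing the secret into it.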

In reply to Dan Marsden

Re: security issue with the syslog for moodle

by Mahmood Naderan -

Thank you very much for the replies.

So you mean I have to put

/usr/bin/php /path/to/moodle/admin/cli/cron.php

in /etc/crontab?