Hi, On Thu, Dec 18, 2008 at 5:25 PM, Lars Trieloff (JIRA) <j...@apache.org> wrote: > Key: SLING-788 > ...I would like to be able to script scheduled events in an easy fashion that > works just like > the /etc/cron.d/ directory on my Linux server: I put a shell script into > /etc/cron.d/daily and it > will get executed once a day....
I like the idea, and scripts might also be activated as JCR observation listeners by saving them in a specific location. One problem is, which user identity do those scripts run under? Running them as admin is a security risk if a non-admin user is allowed to write them. Making the "event scripts" tree writable by admin only makes things safe but limited. Unixish systems solve this by using the identity of the user who owns the script (unless the setuid flag is set), and enforcing the way this identity can be set - but we don't have that kind of feature in JCR, or do we? -Bertrand
