Using exec tasks
Exec tasks allow administrators and external users to execute a specified command on the server once or as recurring tasks.
About this task
The server restricts the kinds of commands that can be executed, and the access level of users who can execute them.
These safeguards and requirements include:
-
The absolute path to the command to execute must be listed in the
<server-root>/config/exec-command-whitelist.txtfile. -
The global configuration must be updated to allow the exec task. The server does not permit it by default. The following command enables this.
$ bin/dsconfig set-global-configuration-prop \ --add allowed-task:com.unboundid.directory.server.tasks.ExecTask -
The user scheduling the task must have the
exec-taskprivilege. The server does not grant permission to run this task to any user by default, including root users.
The following configuration changes grant the exec-task privilege to a single root user, all root users, or a single non-root user:
Steps
-
To grant the
exec-taskprivilege to a single root user, run the following.$ bin/dsconfig set-root-dn-user-prop --user-name "<username>" \ --add privilege:exec-task -
To grant the
exec-taskprivilege to all root users, run the following.$ bin/dsconfig set-root-dn-prop \ --add default-root-privilege-name:exec-task -
To grant the
exec-taskprivilege to a single non-root user, run the following.dn: <userdn> changetype: modify add: ds-privilege-name ds-privilege-name: exec-task
-
Use the
schedule-exec-tasktool to create an exec task from the command line.Example:
The following command schedules an exec task to run the
verify-indextool to check the integrity of thecnindex in the backend that hosts"dc=example,dc=com", assuming that the server is installed in/ds.$ bin/schedule-exec-task --hostname directory.example.com \ --port 389 \ --bindDN uid=admin,dc=example,dc=com \ --promptForBindPassword \ --waitForCompletion \ --logCommandOutput \ /ds/bin/verify-index --baseDN dc=example,dc=com --index cn