Exec tasks allow administrators and external users to execute a specified command on the server once or as recurring tasks.
The server restricts the kinds of commands that can be executed, and the access level of users who can execute them.
These safeguards and requirements include:
- The absolute path to the command to execute must be listed in the <server-root>/config/exec-command-whitelist.txt file.
- The global configuration must be updated to allow the exec task. The server does not
permit it by default. The following command enables this.
$ bin/dsconfig set-global-configuration-prop \ --add allowed-task:com.unboundid.directory.server.tasks.ExecTask
- The user scheduling the task must have the exec-task privilege. The server does not grant permission to run this task to any user by default, including root users.
The following configuration changes grant the exec-task privilege to a single root user, all root users, or a single non-root user: