Hi all,
I am working on a script that goes through the DHCP leases. When it finds a new lease, it creates a static DNS entry for the machine, and sends an email. The script is originally based on https://www.ctrl.blog/entry/routeros-dhcp-lease-script.html.
The script works (DNS updated, email sent) when I run it manually as the admin, with
> /system script run dhcp-to-dns
I am trying to set up the least amount of privileges on all my scripts. In doing so, I got confused as it seems the (scheduled) script just dies without warning if it doesn’t have the permissions. I eventually whittled it down to:
- read, to read DHCP leases and static DNS entries
- write, to update static DNS entries
Those policies are both set up for the script itself, as well as the scheduler entry:
> :put [/system script get dhcp-to-dns policy ]
read;write
> :put [/system scheduler get dhcp-to-dns policy ]
read;write
Unfortunately, when run by the scheduler, the script dies (silently) when trying to send the email. I have looked at https://help.mikrotik.com/docs/display/ROS/E-mail, https://help.mikrotik.com/docs/display/ROS/User, https://help.mikrotik.com/docs/display/ROS/Scripting#Scripting-Scriptrepository and https://help.mikrotik.com/docs/display/ROS/Scheduler, but haven’t been able to find any indication of what policy/permission the email tool needs.
So, two questions:
- Is there a way to get a better log output when a script dies because it doesn’t have permission to run a particular command?
- What is the policy required for scripts to be able to send emails?
Thanks in advance.