Community discussions

MUM Europe 2020
 
User avatar
harry66
newbie
Topic Author
Posts: 35
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Scheduler issue

Wed Feb 12, 2020 10:56 am

Hi,

I have created some scripts, really tiny ones, that are meant to disable certain network interfaces when not in the office.
The scripts themselves are just simple one liners that are working well when started by manually. For some reason the scheduler does not start them reliable.
Please have a look at the screenshot to see the summary of it.
Bildschirmfoto zu 2020-02-12 08-56-25.png
I followed the guidelines and do not see, where I have made a mistake. Permissions should be fine, clock is set, syntax should be okay, manual trigger works. But the scheduler is not reliable.
What is really confusing: OVPN_an is triggered by the scheduler, but OVPN_aus is not. Does anybody see the difference? I feel like blind...

If somebody has an idea that would make my day...

BR
Uwe
You do not have the required permissions to view the files attached to this post.
hEX, RB3011, 2*RB951G-HnD, RB951-2n, Metal G-52SHPacn, RBmAP2n, x86, virtual
 
WeWiNet
Member Candidate
Member Candidate
Posts: 249
Joined: Thu Sep 27, 2018 4:11 pm

Re: Scheduler issue

Wed Feb 12, 2020 11:15 am

Try with all the standard permissions set (when you click add new srcipt).
You launching a script is different than the router...

My scripts/schedule use all the standard permissions enabled as by default.
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 (good!), Audience (better) :-) !!!
 
WeWiNet
Member Candidate
Member Candidate
Posts: 249
Joined: Thu Sep 27, 2018 4:11 pm

Re: Scheduler issue

Wed Feb 12, 2020 11:19 am

also add a log entry into each script/schedule to see when/if they were executed/triggered:
:log warning (" XYZ happened ")
PS: I use "Warning" as is stands out (blue colored) from all the other log entries but you can use also "info"
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 (good!), Audience (better) :-) !!!
 
User avatar
harry66
newbie
Topic Author
Posts: 35
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Scheduler issue

Wed Feb 12, 2020 2:46 pm

Thanks for the hints.
I experimented with the permissions already, starting from default, going to everything and nothing.
The settings now reflect what makes sense to me and what is working on manual trigger. Following the rule that the scheduler should have the same permissions as the script.
Still OVPN_an is working and OVPN_aus is not. This seems to be not logical at all.

I included the logging thing, even though the scheduler and script reports run times.

/Uwe
hEX, RB3011, 2*RB951G-HnD, RB951-2n, Metal G-52SHPacn, RBmAP2n, x86, virtual
 
User avatar
harry66
newbie
Topic Author
Posts: 35
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Scheduler issue

Thu Feb 13, 2020 10:11 am

Hi,
I am more and more confused:
  • I have two very similar scripts: One is enabling and interface and one is disabling the interface
  • Both scripts have exactly the same permissions
  • One script runs and the other is not because of permissions
  • I can't find any explanation, what permissions would be needed
  • I find recommendations to just grant all permissions
  • I can find recommendations to set "dont-require-permissions=yes" viewtopic.php?t=139464

This is not bringing security forward.
It makes scripting an adventure with a huge security risk. Ouch! In the end I need to protect my firewall with a firewall...

/Uwe
hEX, RB3011, 2*RB951G-HnD, RB951-2n, Metal G-52SHPacn, RBmAP2n, x86, virtual
 
User avatar
harry66
newbie
Topic Author
Posts: 35
Joined: Tue Mar 04, 2014 5:29 pm
Location: Germany

Re: Scheduler issue

Tue Feb 18, 2020 8:54 pm

Okay, I surrender on the permissions.
If I grant all permissions to the script and the scheduler, it works.

Anybody a hint, how to find out, what permissions are needed for what?

Thank you!
/Uwe
hEX, RB3011, 2*RB951G-HnD, RB951-2n, Metal G-52SHPacn, RBmAP2n, x86, virtual
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1610
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Scheduler issue

Tue Feb 18, 2020 11:27 pm

You should only need "read" & "write" permissions

Try and add below before the script name in the scheduler
/system script run <NameOfScript>
MTCNA, MTCTCE, MTCRE & MTCINE

Who is online

Users browsing this forum: macsrwe and 15 guests