CRON runs only when registered users call cron.php

By Thoor on 11 Dec 2010 at 14:28 UTC

I am having a strange problem! /cron.php runs only when a registered user calls the file. I also tried Poormanscron without success.

After some search i found "Running cron as an authenticated user" and tried the recommended way.

There is a User "Antester" with the Login "Testan", then I changed scripts/cron-curl.sh to:

#!/bin/sh
# Reference http://drupal.org/node/479948#comment-1673488 by pearlbear

SITE=http://www.mydomain.com/
USERNAME=XXXXX
PASS=XXXXX

COOKIES=/tmp/cron-cookies.txt
WGETPARAMS="--quiet -O /dev/null --no-check-certificate --save-cookies $COOKIES --keep-session-cookies --load-cookies $COOKIES"
# if you run drupal in a default language different than English you need to modify this
LOGIN="Anmelden"

wget $WGETPARAMS "${SITE}user"
wget $WGETPARAMS --post-data="name=$USERNAME&pass=$PASS&op=$LOGIN&form_id=user_login" "${SITE}user"
wget $WGETPARAMS " ${SITE}cron.php"

and then i tried this CRONTAB Order:
wget -q http://www.mydomain.com/scripts/cron-curl.sh > /dev/null

It is not working. Guess the way I call the CRONTAB is wrong - or?

I also tried a Serverpath in a CRONTAB Order:
serverpath/html/scripts/cron-curl.sh

But then i receive a mail from the server with this message:
/bin/sh: serverpath/html/scripts/cron-curl.sh: Permission denied

Can anybody give me a helping hand for this?

Comments

Run cron as "authenticated" user 1

nickl commented 20 April 2011 at 20:05

I created a new cron.php, to run cron as user 1 with full permissions, called cron_user1.php.

The following snippet works like a charm.

include_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
global $user;
$user = user_load(1);
drupal_cron_run();

Hack the planet =)

@nickl Perfect Solution! Thx

Thoor commented 12 May 2011 at 08:34

@nickl

Perfect Solution! Thx a lot!

This is somewhat similar to the technique I've been using when encountering this problem. Your implementation could have some security problems though. Essentially, you're allowing anyone who goes to cron_user1.php on your site to be logged in as user 1. I'm not a security expert, but I'm sure there's something nefarious that could be done with that, even if cron is all that gets run.

I usually use this technique:
http://drupal.org/node/218104

and I do it around the specific chunk of code that needs higher level access, this helps to sandbox the security problem I hope.

Good luck!