TaskForest
A simple, expressive, open-source, text-file-based Job Scheduler with console, HTTP, and RESTful API interfaces.
Documentation
  1. Downloading TaskForest
  2. Installing TaskForest
  3. Configuring TaskForest
    1. Jobs & Families
    2. Calendars
    3. Automatic Retries
    4. Sending Emails
    5. Options
    6. Configuration File
  4. Running TaskForest
  5. Running the TaskForest Web Server
  6. Web Server Security
  7. Checking TaskForest Status
  8. Rerunning a Job
  9. Marking a Job
  10. Tokens
  11. Releasing all Dependencies from a Job
  12. Putting a Job on Hold
  13. Releasing a Hold Off a Job
  14. HOWTO
  15. The RESTful Web Service
  16. Frequently Asked Questions (FAQ)
  17. Bugs
  18. Change Log
  19. Author
  20. Acknowledgements
  21. Copyright

Web Server Security

To use the webserver (or even the web service described later) you must have a valid userid and password. taskforestd does not ship with any default userid and password pairs. A password is required to authenticate the person making requests via the web browswer. This userid and password combination may be (and should be) different from the userid and password of the account under which taskforestd is running.

Which reminds me, as you would expect, taskforestd runs with the privileges of the account that invoked the program. If that account does not have permissions to read and write the job and family files, you will not be able to use the web server.

It is not a good idea to run taskforestd as root, because even though taskforestd is written with security in mind, running as root opens a huge security hole. And anyway, you shouldn't run as root any program that you download off the 'net any more than you should give a stranger the keys to your house.

The best method is to create a separate system user account for taskforest and taskforestd, and run the web server and command line requests as that user.

Coming back to the taskforestd userid and password: The userids and passwords are specified in the configuration file using the same format as Apache's .htpasswd files. You can see commented-out examples of this in the configuration file taskforestd.cfg. For your convenience, the TaskForest distribution includes a program called gen_passwd that generates text that you can copy and paste into the config file:

gen_passwd foo bar
The above command will print out somthing that looks like the following;
foo:4poVZGiAlO1BY

This text can then be copied and pasted into the configuration file as a valid_user option.

Please see the included configuration file, taskforestd.cfg, for a list of each configuration option, and what it means.

Please keep in mind that the >taskforestd server is not encrypted. Your userid and password will be transmitted in cleartext. This is a huge security hole. Do not do this unless both the client and the server behind a firewall, for example in a local intranet. If someone sniffs your unencrypted userid and password, they can change job files, family files, or delete them too.

If you wish to use an encrypted, SSL-enabled server, please use the included taskforestdssl program instead of taskforestd. The only difference between the two is that the taskforestd uses HTTP::Daemon, and taskforestdssl uses HTTP::Daemon::SSL. To set up SSL, you will need to set up a server key and a server certificate. The locations of these files may be specified in the taskforestd configuration file, under server_key_file and server_cert_file, respectively. You can find more information in the documentation of HTTP::Daemon::SSL.

If you would like to self-sign a certificate, there are some instructions in the HOWTO section.

If your system does not support SSL (for example, with openssl), and you would like to use taskforestd across the Internet, my advice would be: ``Don't.'' If you do, you would essentially be giving the world the ability to run any command on your server. If you still want to do it, at least make sure that the system account that taskforestd runs under does not have write access to any files, especially those in job_dir, log_dir and family_dir. This means that you would not be able to change job or family files or schedule reruns using taskforestd, but neither would the rest of the world be able to do that on your machine.