Trusted Solaris Administrator's Procedures

Running Privileged Commands in Scheduled Jobs

If a command in an at or cron job needs to run with privileges, either forced or inheritable privileges can be made available. Enabling a command to run with forced privileges, so that the privileges apply no matter who executes the command, is an insecure practice. Therefore, the Security Administrator role typically does the following to make the privileges available by inheritance:

  1. Specify the command and any privileges it needs in one of the invoking user's profiles using the Rights tool in the SMC.

  2. Specify that the job is executed with a profile shell, as described in "Running a Job with a Profile Shell".

For more information, see "Assigning Inheritable Privileges to a Command or Action".

For a cron job example, see "To Write a Profile Shell Script".
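A privilege assigned through a profile reaches the command only when the job runs under a profile shell, so the two steps above can be checked together by auditing which interpreter each cron script names. The following is an added example, not part of the Trusted Solaris documentation. It assumes each job is a script called by path as the sixth crontab field and that the profile shell is selected by the script's interpreter line (pfsh, pfcsh or pfksh); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether each script named in a crontab starts with a
# profile shell interpreter line. Assumption: jobs are scripts called by path.

# Print "profile" if the script's first line names pfsh, pfcsh or pfksh,
# "plain" for anything else, "unreadable" if the file cannot be read.
script_shell_kind() {
    [ -r "$1" ] || { echo unreadable; return; }
    first=$(sed -n '1p' "$1")
    case $first in
        '#!'*) ;;
        *) echo plain; return ;;
    esac
    # Strip "#!", leading blanks and any arguments, then keep the base name.
    interp=$(printf '%s\n' "$first" | sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    case ${interp##*/} in
        pfsh|pfcsh|pfksh) echo profile ;;
        *) echo plain ;;
    esac
}

# Read a crontab file; for each entry print "<kind> <command path>".
audit_crontab() {
    while read -r min hour dom mon dow cmd rest || [ -n "$min" ]; do
        case $min in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        [ -n "$cmd" ] || continue  # skip malformed entries
        echo "$(script_shell_kind "$cmd") $cmd"
    done < "$1"
}

# Constructed sample: two job scripts and a crontab that calls them.
demo=$(mktemp -d)
printf '#!/bin/pfsh\n# privileged command here\n' > "$demo/rotate.sh"
printf '#!/bin/sh\n# privileged command here\n' > "$demo/backup.sh"
printf '0 2 * * * %s\n30 3 * * 1 %s\n' "$demo/rotate.sh" "$demo/backup.sh" > "$demo/crontab"
audit_crontab "$demo/crontab"
rm -rf "$demo"
```

An entry reported as "plain" would not inherit the privileges assigned in the invoking user's profile under the stated assumptions, which is the situation that tempts administrators toward forced privileges.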