From a15f397beea6d2dd31cc4d422fcd817343aa9173 Mon Sep 17 00:00:00 2001
From: Simon Dahlbacka <simon.dahlbacka@fellowmind.fi>
Date: Fri, 30 Aug 2024 16:12:15 +0300
Subject: [PATCH 1/2] Speculatively add docs about how cron and acls should
 work together

---
 action_execution.adoc | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/action_execution.adoc b/action_execution.adoc
index 394019eec..0462d5900 100644
--- a/action_execution.adoc
+++ b/action_execution.adoc
@@ -72,10 +72,32 @@ If you need per-second resolution for your actions, this can be enabled in your
 cronSupportForSeconds: true
 
 actions:
-  title: Execute every 5 seconds
-  shell: date
-  execOnCron:
-    - "*/5 * * * * *"
+  - title: Execute every 5 seconds
+    shell: date
+    execOnCron:
+      - "*/5 * * * * *"
+----
+
+==== Cron and ACLs
+
+If you have enabled ACL, cron tasks are run as the user `cron`, which means that your ACL needs to allow the cron user to execute the action. This is one possibilty:
+
+[source,yaml]
+.`config.yaml`
+----
+accessControlLists:
+  - name: "cron"
+    matchUsernames:
+      - cron
+    permissions:
+      exec: true
+actions:
+  - title: Say hello
+    shell: echo "Hello!"
+    execOnCron: 
+      - "@hourly"
+    acls:
+        - "cron"
 ----
 
 [#exec-startup]

From b1c51669969e5a014f475c15afcf1d73e6420fdd Mon Sep 17 00:00:00 2001
From: Simon Dahlbacka <simon.dahlbacka@fellowmind.fi>
Date: Mon, 25 Nov 2024 20:00:58 +0100
Subject: [PATCH 2/2] Move the new content to hopefully the correct place

---
 .../ROOT/pages/action_execution/oncron.adoc   | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/action_execution/oncron.adoc b/modules/ROOT/pages/action_execution/oncron.adoc
index 6e30f11b5..8217a8e8c 100644
--- a/modules/ROOT/pages/action_execution/oncron.adoc
+++ b/modules/ROOT/pages/action_execution/oncron.adoc
@@ -9,7 +9,7 @@ OliveTin can execute actions on a schedule, and uses a cron format for configura
 actions:
   - title: Say hello
     shell: echo "Hello!"
-    execOnCron: 
+    execOnCron:
       - "@hourly"
 
   - title: Say goodbye
@@ -39,3 +39,24 @@ actions:
 ----
 
 
+==== Cron and ACLs
+
+If you have enabled ACL, cron tasks are run as the user `cron`, which means that your ACL needs to allow the cron user to execute the action. This is one possibilty:
+
+[source,yaml]
+.`config.yaml`
+----
+accessControlLists:
+  - name: "cron"
+    matchUsernames:
+      - cron
+    permissions:
+      exec: true
+actions:
+  - title: Say hello
+    shell: echo "Hello!"
+    execOnCron:
+      - "@hourly"
+    acls:
+        - "cron"
+----