Mail Archives: cygwin/2004/05/27/05:07:32

Subject: RE: cron problem with authentication
Date: Thu, 27 May 2004 11:07:09 +0200
Message-ID: <A2AE62FF85AEAC4BA3DE695E3C237D110AD47F@exmid04.africa.enterprise.root>
From: "Mike Kenny - BCX - Mngd Services" <Mike DOT Kenny AT bcx DOT co DOT za>
To: "Cygwin List" <cygwin AT cygwin DOT com>

> From: Larry Hall [mailto:cygwin-lh AT cygwin DOT com]
> 
> At 03:52 AM 5/26/2004, you wrote:
> >I previously posted a problem where a job failed attaching to an MQ
> >Q Manager when run from cron. The explanation that was provided 
> >was that because MQ authenticates the user using the NT services 
> >and cron had had to su to that user, bypassing these services, that
> >the user running the job did not then have the correct credentials.
> >
> >This sounds plausible and certainly explains the behaviour I see, but
> >what would be involved in cron checking to see under which user the
> >cygwin session is running and if this is the same user as the cygwin
> >cron service is running under. If they are the same then do not do
> >the change of user? Would this enable the cron job to run with the
> >correct credentials? Or am I totally misunderstanding the problem?
> >I admit that I know little or nothing about either Windows security
> >or how cygwin interacts with it.
> >
> >Thanks for any comments on this
> 
> 
> In the default installation, the user doing the "su" (as you refer to it)
> is the SYSTEM user.  The SYSTEM user has no access to remote SMB shares.
> So your idea doesn't work because it assumes something that isn't true.
> 
> One possible alternative is to run cron as the user you want to run jobs
> as.  I don't recall, off-the-top-of-my-head, whether cron assumes that
> it will run as SYSTEM and, if so, this approach probably wouldn't work
> without changing the code.  Another alternative might be to use a service
> which allows accessing remote directories without requiring Windows
> authentication (i.e. not SMB).
> 
Larry, first, thanks for taking the time to respond. Possibly I do not
understand your comments, but I am confused by the reference to shares.
I have a situation where, on the Windows side, cron is running as user
'mqdisp'. This user is a member of the mqm group (required for MQ Series)
and is an Administrator with permissions to log in as a service and to act
as part of the Operating System. On the cygwin side, mqdisp is the user that
is trying to run the cron job that attaches to MQ Series. My event log is
showing me the following:

 [754] MQSeries
   Type:     WARNING
   Computer: TEST1
   Time:     2004/05/27 10:50:14   ID:       8074
Authorization failed as the SID 'S-1-5-21-776561741-1935655697-1343024091-1007'
does not match the entity 'system'.
  The Object Authority Manager received inconsistent data - the supplied SID
  does not match that of the supplied entity information.
  Ensure that the application is supplying valid entity and SID information.

While /etc/passwd has the following:

SYSTEM:*:18:544:,S-1-5-18::
mqdisp:unused_by_nt/2000/xp:1007:513:mqdisp,U-TEST1\mqdisp,S-1-5-21-776561741-1935655697-1343024091-1007:/home/mqdisp:/bin/bash

The PS shows that cron is running as SYSTEM, and it seems that it is trying
to use mqdisp's credentials to authenticate system. 

I hope the above better explains my problem.

BTW, is there some way that I can login as 'system'? This might provide a
way around this problem.

Thanks for any input to this
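
Added example, not part of the original message: a shell check that cross-references the SID and entity named in the MQSeries event against the SID stored in the gecos field of the Cygwin /etc/passwd entries quoted above. The function names are hypothetical, and the sample input is constructed from the lines in the message, with the event text joined onto one line.

```shell
#!/bin/sh
# Constructed sample input, copied from the message above: the two Cygwin
# /etc/passwd entries and the MQSeries event text (joined onto one line).
PASSWD_SAMPLE='SYSTEM:*:18:544:,S-1-5-18::
mqdisp:unused_by_nt/2000/xp:1007:513:mqdisp,U-TEST1\mqdisp,S-1-5-21-776561741-1935655697-1343024091-1007:/home/mqdisp:/bin/bash'
EVENT_SAMPLE="Authorization failed as the SID 'S-1-5-21-776561741-1935655697-1343024091-1007' does not match the entity 'system'."

# sid_of USER: print the SID kept in the gecos field (field 5) of USER's entry.
# Account names are compared case-insensitively, as Windows treats them.
sid_of() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '
        tolower($1) == tolower(u) {
            n = split($5, part, ",")
            for (i = 1; i <= n; i++) if (part[i] ~ /^S-1-/) print part[i]
        }'
}

# owner_of SID: print the account whose gecos field carries exactly this SID.
owner_of() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v s="$1" '
        {
            n = split($5, part, ",")
            for (i = 1; i <= n; i++) if (part[i] == s) print $1
        }'
}

# explain_event MESSAGE: pull the quoted SID and entity out of the event text
# and report whether the passwd data maps that entity to that SID.
explain_event() {
    sid=$(printf '%s\n' "$1" | sed -n "s/.*SID '\([^']*\)'.*/\1/p")
    entity=$(printf '%s\n' "$1" | sed -n "s/.*entity '\([^']*\)'.*/\1/p")
    [ -n "$sid" ] && [ -n "$entity" ] || { echo "unparsed"; return 1; }
    owner=$(owner_of "$sid")
    expected=$(sid_of "$entity")
    if [ "$sid" = "$expected" ]; then
        echo "consistent: $entity has SID $sid"
    else
        echo "mismatch: SID belongs to '${owner:-unknown}', entity '$entity' maps to '${expected:-unknown}'"
    fi
}

explain_event "$EVENT_SAMPLE"
```

To run it against a live system, replace the `PASSWD_SAMPLE` variable with the contents of the real /etc/passwd and pass the event text as the argument.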
