Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Fri, 10 Sep 2004 18:39:11 -0400
From:	"Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>
To:	cygwin AT cygwin DOT com
Subject:	Re: Cygwin Cron on Windows 2003 Server Issues
Message-ID:	<20040910223911.GA211629@Worldnet>
References:	<000501c4977f$70c95520$140f000a AT PJGVAIO>
Mime-Version:	1.0
In-Reply-To:	<000501c4977f$70c95520$140f000a@PJGVAIO>
User-Agent:	Mutt/1.4.1i

On Fri, Sep 10, 2004 at 04:45:07PM -0500, Paul J. Ghosh wrote:
> Thank you all for your help.  We pursued all that was recommended and
> still ran into the error: cron : PID 3784 : starting service `cron'
> failed: execv: 128, Transport endpoint is not connected.
> 
> Since invoking it command line was successful we put a wrapper in place
> that executes cron and added the wrapper as a service.  cron is now
> working.  For the issue where crontab assumes that SYSTEM is the owner
> of the cron service and leaves the contents of the /var/cron/tabs as 640
> with a group of SYSTEM we also created a wrapper that changes the
> permission to 644.
> 
> Here is the detail of what we have put into place and provided to the
> release engineer:
> 
> overview:
> 	- create local user called 'svccron'
> 	- set up permissions for local user
> 	- create wrappers for cron/crontab
> 	- add wrapped cron as service
> 	- set up schedules
> 
> execute the following within a bash shell:
> 
> 	- create local user called 'svccron'
> 
>   	net user svccron <passwd> /add /yes
>   	net localgroup <administrators_group_name> svccron /add
>   	editrights -a SeAssignPrimaryTokenPrivilege -u svccron
>  	editrights -a SeCreateTokenPrivilege -u svccron
>   	editrights -a SeIncreaseQuotaPrivilege -u svccron
>   	editrights -a SeServiceLogonRight -u svccron
>   	mkpasswd -l -u svccron >> /etc/passwd
> 
> 	for security reasons:
>   	editrights -a SeDenyInteractiveLogonRight -u svccron
>   	editrights -a SeDenyNetworkLogonRight -u svccron
>   	editrights -a SeDenyRemoteInteractiveLogonRight -u svccron
> 
> 	- create wrapper for cron - attached 'xcron'/contents below
> 	- install in /usr/sbin
> 	- change permissions for xcron
> 	$ chmod 744 /usr/sbin/xcron
> 
> 	$ cat /usr/sbin/xcron
> 	#!/usr/bin/bash
> 	/usr/sbin/cron -D
> 
> 	$ ls -l /usr/sbin/xcron
> 	-rwxr-xr-x    1 devadm   Domain U       34 Sep 10 14:03
> /usr/sbin/xcron
> 
> 	- create wrapper for crontab - attached 'xcrontab'/contents
> below
> 	- install in /usr/bin
> 	- change permissions for xcrontab
> 	$ chmod 744 /usr/bin/xcrontab
> 
> 	$ cat /usr/bin/xcrontab
> 	#!/usr/bin/bash
> 	/usr/bin/crontab $@;
> 	xval=$?;
> 	chmod 644 /var/cron/tabs/$USER;
> 	exit $xval;
> 
> 	$ ls -l /usr/bin/xcrontab
> 	-rwxr-xr-x    1 devadm   Domain U       90 Sep 10 13:58
> /usr/bin/xcrontab
> 
> 	- add wrapped cron as service
> 	$ cygrunsrv -I xcron -p /usr/sbin/xcron -a -u svccron -w
> <passwd>
> 
> 	- execute following as user for which tasks need to be scheduled
> 	$ xcrontab -e
> 
> 	- for details
> 	$ man 5 crontab
> 

I am wondering if the additional steps below would not remove
the need for xcrontab:

1) after   	mkpasswd -l -u svccron >> /etc/passwd
edit /etc/passwd and set the uid of svccron to 0

2) Change the command in xcron to
su -c "exec /usr/sbin/cron -D" system

Pierre


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -