X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <4734F100.30108@cygwin.com>
Date: Fri, 09 Nov 2007 18:45:04 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070505 Remi/2.0.0.0-3.fc4.remi Thunderbird/2.0.0.0 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Permissions/acl problem
References: <fh114b$d0u$1 AT ger DOT gmane DOT org> <47349DE5 DOT 6020500 AT cygwin DOT com> <fh2psn$qg8$1 AT ger DOT gmane DOT org> <4734EDA4 DOT FAE2802E AT dessent DOT net>
In-Reply-To: <4734EDA4.FAE2802E@dessent.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Brian Dessent wrote:
> Jerome Fong wrote:
> 
>> This doesn't seem to help.  I re-ran cron_diagnose.sh and made sure I
>> had ntsec and smbntsec define, but that doesn't seem to help.  Am I
>> suppose to add it to my .profile?
> 
> I think Larry might have been a little quick on the trigger to suggest
> smbntsec, as I don't see how that would be relevant in this situation. 
> (And ntsec is the default if not specified, so there's no reason really
> to ever specify it.)
> 
> The problem is that the cron daemon runs as the system and impersonates
> each user when it goes to execute a job from their crontab.  But the
> cron daemon does not have the user's password (exactly analogous to the
> case when logging on to the sshd daemon with pubkey auth) so any network
> shares that require authentication will not be accessible from the
> cronjob.  There's a FAQ entry about this, but the solutions amount to
> basically:
> 
> - use network paths accessible to guests
> - run cron daemon as the desired user, which requires giving the user's
> password once when installing service but not subsequently.  (But you
> can only ever run jobs as that user as impersonation is not possible
> without extra privileges.)
> - supply your password explicitly in the cronjob, i.e. by invoking "net
> use" with username and password.  (Requires leaving password exposed in
> crontab)


While the above is all true, given the data from the original message,
I decided that the OP had somehow set up cron to allow him access to the
remote drives already.  I admit that I didn't verify that further than
the info already provided.  But given that the OP was able to list the
contents of the share from cron, he's managed this in some way.  Assuming
this information is not faulty, 'smbntsec' may indeed be what he needs to
manipulate permissions on these files.  But I would certainly encourage the
OP to review the current state of his configuration given the information
above and make sure that he's clear on what's required to accomplish the
desired end.


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/