Message-ID: <4BCA5395.7040604@laposte.net>
Date: Sun, 18 Apr 2010 02:34:29 +0200
From: Cyrille Lefevre <cyrille DOT lefevre-lists AT laposte DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: cron error can't switch user context
References: <20100416184243 DOT GX5284 AT proxix DOT com>  <4BC8DF49 DOT 8060501 AT laposte DOT net> <20100416234345 DOT GE5284 AT proxix DOT com>
In-Reply-To: <20100416234345.GE5284@proxix.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com


Le 17/04/2010 01:43, Tom Schutter a =E9crit :
> On Fri 2010-04-16 17:06, Cyrille Lefevre wrote:
>> Le 16/04/2010 20:42, Tom Schutter a =E9crit :

http://www.cygwin.com/acronyms/#PCYMTWLL

>>> I have number of machines running Windows2003 and Cygwin 1.7.5.  On mos=
t cron works.  But on one (lemon) it does not.  It appears that on lemon cr=
on cannot switch the user context.
>>>
>>> Cronevents on lemon shows:
>>>
>>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (=
/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
>>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can=
't switch user context)
>>>
>>> /var/log/cron.log is empty on all machines.
>>
>> let's configure syslogd from inetutils to have some logs :
>> syslogd-config --yes
>
> I don't have a syslogd-config.  Ok.  So I installed inetutils.  Now I hav=
e a syslogd-config which I have just run.  And I have started syslogd.
> After setting up syslogd, I still see an empty /var/log/cron.log and /var=
/log/messages.

did you restart cron ?
here is my log for an * * * * * date >> /tmp/date.log entry :
Apr 17 12:20:40 MV0213 /usr/sbin/cron: PID 2668: (CRON) STARTUP (V5.0)
Apr 17 12:20:41 MV0213 cron: PID 3364: `cron' service started
Apr 17 12:21:01 MV0213 /usr/sbin/cron: PID 3064: (root) CMD (date >>=20
/tmp/date.log)

>> you may need to configure sshd before to have the right permissions
>> on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}"
>> --pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=3Dcyg_server and
>> CYGSERVER_PASS=3Dwhatever you want)
>
> I am not sure what sshd has to do with cron.

IFAIK, if you configure cron w/o configure ssh first, cron-diagnose will=20
break.

 > In my case sshd cannot run as the cygserver user because it must be a=20
domain user.

under 2K3, I'm running sshd w/ a local cyg_server account + lsa + passwd=20
-R w/o problems whatever the passwordless account is local admin or not=20
or domain lambda user. not tried using a domain admin since I don't have=20
access to a domain admin account. however, a local admin is sufficient=20
to stop/start services, etc. so, a domain admin isn't required...

>> PS : well, I prefer the legacy one than the ng one...
>>
>> PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on
>> tasks return codes as a true unix does... (i.e.:<   root 1331 c Tue Feb
>>    2 17:32:36 MET 2010 rc=3D1)
>>
>>> The cron daemon is running as SYSTEM on all machines.
>>
>> 2K3 may need to be running under cyg_server ?
>
> Why?  I have not seen any doc stating that.
>
>> to configure cron, I use :
>>
>> cron-config<<  EOF
>> yes
>>
>> no
>> no
>> no
>> ${CYGSERVER_PASS}
>> ${CYGSERVER_PASS}
>> no
>> EOF
>>
>> PS : doesn't support csih yet :-(
>
> Your yes and no responses do not match what cron-config asks me:
>
> lemon:/$ cron-config
> Do you want to install the cron daemon as a service? (yes/no) yes
> Enter the value of CYGWIN for the daemon: [ ]
>
> You must decide under what account the cron daemon will run.
> If you are the only user on this machine, the daemon can run as yourself.
>     This gives access to all network drives but only allows you as user.
> To run multiple users, cron must change user context without knowing
>    the passwords. There are three methods to do that, as explained in
>    http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> If all the cron users have executed "passwd -R" (see man passwd),
>    which provides access to network drives, or if you are using the
>    cyglsa package, then cron should run under the local system account.
> Otherwise you need to have or to create a privileged account.
>    This script will help you do so.
> Do you want the cron daemon to run as yourself? (yes/no) no
>
> Were the passwords of all cron users saved with "passwd -R", or
> are you using the cyglsa package ? (yes/no) yes

try to answer no, here, then, you will be asked for cyg_server=20
password... and may still use passwd -R :-)

> The cron daemon will run as SYSTEM.
>
> Running cron_diagnose ...
> ... no problem found.
>
> Do you want to start the cron daemon as a service now? (yes/no) yes
> OK. The cron daemon is now running.

well, the last no is because I prefer to launch the service myself :-)

<snip>
> lemon:/$
>
> It appears that cron-config decides to run cron under the SYSTEM account =
because I indicated that I was using cyglsa.
>
>>> cyglsa is running on all machines.
>>
>> did you reboot after configuring cyglsa ?
>>
>>> cygserver is not running on any machine.
>>
>> 2K3 may need cygserver as well as passwd -D?

s/-D/-R/ sorry

> If I do a "passwd -R", cron will work.  But I don't want to do a "passwd =
-R".  I am forced to change my password every 60 days.  Then I would have t=
o go to every cygwin box and change the password there as well.

don't know how to make things work w/o passwd -R, sorry.

however, an "ssh net user user passwd" is not so hard to do :-)
alternative, if using a local account is "net user user /expire:no"

<snip>

Regards,

Cyrille Lefevre
--=20
mailto:Cyrille DOT Lefevre-lists AT laposte DOT net


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple