X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SARE_FREE_WEBM_LAPOSTE,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: sourceware.org Message-ID: <4BCA5395.7040604@laposte.net> Date: Sun, 18 Apr 2010 02:34:29 +0200 From: Cyrille Lefevre User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: cron error can't switch user context References: <20100416184243 DOT GX5284 AT proxix DOT com> <4BC8DF49 DOT 8060501 AT laposte DOT net> <20100416234345 DOT GE5284 AT proxix DOT com> In-Reply-To: <20100416234345.GE5284@proxix.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable X-me-spamlevel: not-spam X-me-spamrating: 28.000000 X-me-spamcause: OK, (-300)(0000)gggruggvucftvghtrhhoucdtuddrvdeluddrvdelucetggdotefuucfrrhhofhhilhgvmecuoehnohhnvgeqnecuuegrihhlohhuthemuceftddtnecuucdlqddutddtmdenrhhoohhtpdhushhrpdhlohgtrghlvdigucdlqddvtddtmd X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Le 17/04/2010 01:43, Tom Schutter a =E9crit : > On Fri 2010-04-16 17:06, Cyrille Lefevre wrote: >> Le 16/04/2010 20:42, Tom Schutter a =E9crit : http://www.cygwin.com/acronyms/#PCYMTWLL >>> I have number of machines running Windows2003 and Cygwin 1.7.5. On mos= t cron works. But on one (lemon) it does not. It appears that on lemon cr= on cannot switch the user context. >>> >>> Cronevents on lemon shows: >>> >>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (= /usr/bin/python /cygdrive/f/production-sync/production-sync.py) >>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can= 't switch user context) >>> >>> /var/log/cron.log is empty on all machines. >> >> let's configure syslogd from inetutils to have some logs : >> syslogd-config --yes > > I don't have a syslogd-config. Ok. So I installed inetutils. Now I hav= e a syslogd-config which I have just run. And I have started syslogd. > After setting up syslogd, I still see an empty /var/log/cron.log and /var= /log/messages. did you restart cron ? here is my log for an * * * * * date >> /tmp/date.log entry : Apr 17 12:20:40 MV0213 /usr/sbin/cron: PID 2668: (CRON) STARTUP (V5.0) Apr 17 12:20:41 MV0213 cron: PID 3364: `cron' service started Apr 17 12:21:01 MV0213 /usr/sbin/cron: PID 3064: (root) CMD (date >>=20 /tmp/date.log) >> you may need to configure sshd before to have the right permissions >> on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}" >> --pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=3Dcyg_server and >> CYGSERVER_PASS=3Dwhatever you want) > > I am not sure what sshd has to do with cron. IFAIK, if you configure cron w/o configure ssh first, cron-diagnose will=20 break. > In my case sshd cannot run as the cygserver user because it must be a=20 domain user. under 2K3, I'm running sshd w/ a local cyg_server account + lsa + passwd=20 -R w/o problems whatever the passwordless account is local admin or not=20 or domain lambda user. not tried using a domain admin since I don't have=20 access to a domain admin account. however, a local admin is sufficient=20 to stop/start services, etc. so, a domain admin isn't required... >> PS : well, I prefer the legacy one than the ng one... >> >> PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on >> tasks return codes as a true unix does... (i.e.:< root 1331 c Tue Feb >> 2 17:32:36 MET 2010 rc=3D1) >> >>> The cron daemon is running as SYSTEM on all machines. >> >> 2K3 may need to be running under cyg_server ? > > Why? I have not seen any doc stating that. > >> to configure cron, I use : >> >> cron-config<< EOF >> yes >> >> no >> no >> no >> ${CYGSERVER_PASS} >> ${CYGSERVER_PASS} >> no >> EOF >> >> PS : doesn't support csih yet :-( > > Your yes and no responses do not match what cron-config asks me: > > lemon:/$ cron-config > Do you want to install the cron daemon as a service? (yes/no) yes > Enter the value of CYGWIN for the daemon: [ ] > > You must decide under what account the cron daemon will run. > If you are the only user on this machine, the daemon can run as yourself. > This gives access to all network drives but only allows you as user. > To run multiple users, cron must change user context without knowing > the passwords. There are three methods to do that, as explained in > http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1 > If all the cron users have executed "passwd -R" (see man passwd), > which provides access to network drives, or if you are using the > cyglsa package, then cron should run under the local system account. > Otherwise you need to have or to create a privileged account. > This script will help you do so. > Do you want the cron daemon to run as yourself? (yes/no) no > > Were the passwords of all cron users saved with "passwd -R", or > are you using the cyglsa package ? (yes/no) yes try to answer no, here, then, you will be asked for cyg_server=20 password... and may still use passwd -R :-) > The cron daemon will run as SYSTEM. > > Running cron_diagnose ... > ... no problem found. > > Do you want to start the cron daemon as a service now? (yes/no) yes > OK. The cron daemon is now running. well, the last no is because I prefer to launch the service myself :-) > lemon:/$ > > It appears that cron-config decides to run cron under the SYSTEM account = because I indicated that I was using cyglsa. > >>> cyglsa is running on all machines. >> >> did you reboot after configuring cyglsa ? >> >>> cygserver is not running on any machine. >> >> 2K3 may need cygserver as well as passwd -D? s/-D/-R/ sorry > If I do a "passwd -R", cron will work. But I don't want to do a "passwd = -R". I am forced to change my password every 60 days. Then I would have t= o go to every cygwin box and change the password there as well. don't know how to make things work w/o passwd -R, sorry. however, an "ssh net user user passwd" is not so hard to do :-) alternative, if using a local account is "net user user /expire:no" Regards, Cyrille Lefevre --=20 mailto:Cyrille DOT Lefevre-lists AT laposte DOT net -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple