This is the mail archive of the
mailing list for the Cygwin project.
Re: Suggestions for cron/suid script? (accessing network shares)
> > I recently got cron set up on my Win2K box. What a treat not to have to
> > Windows' built in scheduler! Given that cron runs as SYSTEM, what I'm
> > wondering is this: Is there any way to get cron to see my network
> > Specifically, I'm tar/gzipping my Cygwin home dir and want to copy the
> > tarball to a directory on my LAN (Novell share) for which my account for
> > which my logged-in account is the only trustee. When I run a script
> > tries to map it with "net use", I get an error that implies a
> > issue. I'm not likely to be able to convince the network folks to
> > permissions to add my local SYSTEM acct to this share, so I wonder if
> > there's some way to do it with, say, an SUID perl script or something.
> > briefly tried creating one, but not being super familiar with suid, I'm
> > having no luck. Any advice would be welcome. Thanks!
> There are some earlier messages in the archives on this (including a
> one from me). The short answer seems to be "sorry, you can't do it".
> Being a nosy type, and a bit stubborn, I'm still trying to either:
> a) Understand exactly why I can't do it, or better
> b) Figure out how to do it.
> Pursuing a):
> I put an "id" and an "env" and a "net use" in one of the scripts I run
> "id" returns:
> uid=11823(dond) gid=18(SYSTEM) groups=0(Everyone),18(SYSTEM),\
> 10513(Domain Users),11459(Special)
> ("dond" is my domain user login; I broke the line myself.) The only
> difference here from running under the Cygwin shell is the gid; in the
> latter case, the gid is 11459. It appears that crond is indeed "su"ing to
> my user, although keeping its own group.
> Among the "env" output occurs the following:
> CYGWIN=tty ntsec
> "net use" gives:
> Status Local Remote Network
> Unavailable H: \\server1\d$ Microsoft Windows Network
> Unavailable I: \\server2\d$ Microsoft Windows
> Unavailable K: \\server3\users Microsoft Windows
> Disconnected \\server4\common Microsoft Windows Network
> The command completed successfully.
> Finally, I tried "net use u: '\\server5\Users\dond'", and got the
> System error 53 has occurred.
> The network path was not found.
> New connections will be remembered.
> So, the question seems to become: why doesn't "su"ing to my domain user
> the process "enough power" to see network paths?
I don't think the setuid bit works by default. That woud require a 'watcher'
process (i.e. cygserver) which had sufficient priveleges to log on as a user
without a password to set the new processes' token.
These links explain why the SYSTEM account can't access network drives:
Service Running as System Account Fails Accessing Network (Q124184)
Local System Account and Null Sessions in Windows NT (Q132679)
Using the System Account as a Service in Windows NT 3.5 (Q122702)
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html