Re: cron error can't switch user context

[Cyrille Lefevre <cyrille dot lefevre-lists at laposte dot net>]

Le 17/04/2010 01:43, Tom Schutter a écrit :
> On Fri 2010-04-16 17:06, Cyrille Lefevre wrote:
> > Le 16/04/2010 20:42, Tom Schutter a écrit :

http://www.cygwin.com/acronyms/#PCYMTWLL

> > > I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
> > >
> > > Cronevents on lemon shows:
> > >
> > > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
> > > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)
> > >
> > > /var/log/cron.log is empty on all machines.
> >
> > let's configure syslogd from inetutils to have some logs :
> > syslogd-config --yes
>
> I don't have a syslogd-config.  Ok.  So I installed inetutils.  Now I have a syslogd-config which I have just run.  And I have started syslogd.
> After setting up syslogd, I still see an empty /var/log/cron.log and /var/log/messages.

did you restart cron ?
here is my log for an * * * * * date >> /tmp/date.log entry :
Apr 17 12:20:40 MV0213 /usr/sbin/cron: PID 2668: (CRON) STARTUP (V5.0)
Apr 17 12:20:41 MV0213 cron: PID 3364: `cron' service started
Apr 17 12:21:01 MV0213 /usr/sbin/cron: PID 3064: (root) CMD (date >> 
/tmp/date.log)

> > you may need to configure sshd before to have the right permissions
> > on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}"
> > --pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=cyg_server and
> > CYGSERVER_PASS=whatever you want)
>
> I am not sure what sshd has to do with cron.

IFAIK, if you configure cron w/o configure ssh first, cron-diagnose will 
break.

> In my case sshd cannot run as the cygserver user because it must be a 
domain user.

under 2K3, I'm running sshd w/ a local cyg_server account + lsa + passwd 
-R w/o problems whatever the passwordless account is local admin or not 
or domain lambda user. not tried using a domain admin since I don't have 
access to a domain admin account. however, a local admin is sufficient 
to stop/start services, etc. so, a domain admin isn't required...

> > PS : well, I prefer the legacy one than the ng one...
> >
> > PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on
> > tasks return codes as a true unix does... (i.e.:<   root 1331 c Tue Feb
> >    2 17:32:36 MET 2010 rc=1)
> >
> > > The cron daemon is running as SYSTEM on all machines.
> >
> > 2K3 may need to be running under cyg_server ?
>
> Why?  I have not seen any doc stating that.
>
> > to configure cron, I use :
> >
> > cron-config<<  EOF
> > yes
> >
> > no
> > no
> > no
> > ${CYGSERVER_PASS}
> > ${CYGSERVER_PASS}
> > no
> > EOF
> >
> > PS : doesn't support csih yet :-(
>
> Your yes and no responses do not match what cron-config asks me:
>
> lemon:/$ cron-config
> Do you want to install the cron daemon as a service? (yes/no) yes
> Enter the value of CYGWIN for the daemon: [ ]
>
> You must decide under what account the cron daemon will run.
> If you are the only user on this machine, the daemon can run as yourself.
>     This gives access to all network drives but only allows you as user.
> To run multiple users, cron must change user context without knowing
>    the passwords. There are three methods to do that, as explained in
>    http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> If all the cron users have executed "passwd -R" (see man passwd),
>    which provides access to network drives, or if you are using the
>    cyglsa package, then cron should run under the local system account.
> Otherwise you need to have or to create a privileged account.
>    This script will help you do so.
> Do you want the cron daemon to run as yourself? (yes/no) no
>
> Were the passwords of all cron users saved with "passwd -R", or
> are you using the cyglsa package ? (yes/no) yes

try to answer no, here, then, you will be asked for cyg_server 
password... and may still use passwd -R :-)

> The cron daemon will run as SYSTEM.
>
> Running cron_diagnose ...
> ... no problem found.
>
> Do you want to start the cron daemon as a service now? (yes/no) yes
> OK. The cron daemon is now running.

well, the last no is because I prefer to launch the service myself :-)

<snip>
> lemon:/$
>
> It appears that cron-config decides to run cron under the SYSTEM account because I indicated that I was using cyglsa.
>
> > > cyglsa is running on all machines.
> >
> > did you reboot after configuring cyglsa ?
> >
> > > cygserver is not running on any machine.
> >
> > 2K3 may need cygserver as well as passwd -D?

s/-D/-R/ sorry

> If I do a "passwd -R", cron will work.  But I don't want to do a "passwd -R".  I am forced to change my password every 60 days.  Then I would have to go to every cygwin box and change the password there as well.

don't know how to make things work w/o passwd -R, sorry.

however, an "ssh net user user passwd" is not so hard to do :-)
alternative, if using a local account is "net user user /expire:no"

<snip>

Regards,

Cyrille Lefevre
--
mailto:Cyrille.Lefevre-lists@laposte.net



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple