Re: Cron can't switch user context

[Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>]

On 2021-04-27 04:37, Peter Pfannenschmid wrote:
> However, today we have run into an issue with cron. Please see the attached logs 
> for details.
> 
> Additional notes:
> 
> - O/S is Windows Server 2019 Standard x64
> 
> - The cyg_server user has been created by cron-config, and we didn't change 
> anything in that user's configuration afterwards. However, we have verified that 
> this user has sufficient privileges (Replace a process level token, Log on as a 
> service, Create a token object, Be part of the Administrators group).
> 
> - We did some tests with cron-config. We always stopped the Cygwin Cron Service 
> before running cron-config. We always answered con-config's question the same, 
> except the question "Enter the value of CYGWIN for the daemon". We don't know 
> what this is about, so we first let it at the default value, just hitting Enter. 
> In the next try, we answered "netsec" and hit Enter (as found on stackoverflow). 
> In the third try, we answered "binmode netsec" and hit Enter (as found on the 
> Oracle website).
> 
> However, the behavior was the same regardless of what answer we had given there.
> 
> - Our goal is to run the Cygwin cron daemon as a Windows service, to have that 
> Windows service log on as "cyg_server" (not "Administrator" or "System), and to 
> let the cron daemon execute crontabs from different users (including the user 
> "Administrator").
> 
> The service is starting and reads Administrator's crontab, but when trying to 
> execute the entries, it can't do that and errors out with "(CRON) error (can't 
> switch user context)". We haven't installed crontabs for other users yet, 
> because the crontab of Administrator is the most important one, so we'd like to 
> concentrate on solving that problem first.
> 
> We are aware that there are many tutorials and Q&A on the net which deal with 
> exactly this subject. However, none of the proposed solutions worked for us.
> 
> We would be very glad if you could give us some hints how to solve the problem.

> P.S. Please note that /var/log/cron.log and /home/Administrator/cron.log are 
> both empty, so we didn't attach them.

I changed mine to run under LocalSystem account when system upgraded, had cyglsa 
installed previously (not used now I believe), and set passwd -R for account.
Don't forget to either set PATH to scripts in crontab or set for system before 
cygrunsrv starts cron as a Windows service.

Start by running a simple test script to create some date-time dependent 
variable file name at some minute so you can change that to get it run immediately.
It won't run again for an hour, which gives you time to tweak your setup, and 
change the crontab to run it the next minute.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]