From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13]) by sourceware.org (Postfix) with ESMTPS id BC0E93857C7F for ; Wed, 28 Apr 2021 00:14:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org BC0E93857C7F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from [192.168.1.104] ([68.147.0.90]) by shaw.ca with ESMTP id bXqQljKA8ycp5bXqRljncu; Tue, 27 Apr 2021 18:14:23 -0600 X-Authority-Analysis: v=2.4 cv=H864f8Ui c=1 sm=1 tr=0 ts=6088a8df a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17 a=IkcTkHD0fZMA:10 a=mrhRj34UwXejC0KknB0A:9 a=QEXdDO2ut3YA:10 Reply-To: cygwin@cygwin.com To: cygwin@cygwin.com References: <07454449-b11f-febb-bda5-98c6822608d1@t-online.de> From: Brian Inglis Organization: Systematic Software Subject: Re: Cron can't switch user context Message-ID: <19ee56d3-2cde-c385-c7e5-d7aa8b998e8b@SystematicSw.ab.ca> Date: Tue, 27 Apr 2021 18:14:22 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: <07454449-b11f-febb-bda5-98c6822608d1@t-online.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4xfPOb1UtdKG1DGdm5u+MvjLg/32JZpiUczUXcu83PckdFA/h5cPwhJvZPYgzH91+MWwuGB3uADNIn3HXiCqVfxqfd5Zye9eEJmiDb91wc53wbmazUo6Om pwexQRysqLR1qLlxXqw2/XaA1Y5lSWDGwAI2+v2ZvmjlKG7T+LX3OJM5ubAMxQWVPOcYKU4DcRDBEM6yUFxUQFpBe56QhDSVP3U= X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Apr 2021 00:14:26 -0000 On 2021-04-27 04:37, Peter Pfannenschmid wrote: > However, today we have run into an issue with cron. Please see the attached logs > for details. > > Additional notes: > > - O/S is Windows Server 2019 Standard x64 > > - The cyg_server user has been created by cron-config, and we didn't change > anything in that user's configuration afterwards. However, we have verified that > this user has sufficient privileges (Replace a process level token, Log on as a > service, Create a token object, Be part of the Administrators group). > > - We did some tests with cron-config. We always stopped the Cygwin Cron Service > before running cron-config. We always answered con-config's question the same, > except the question "Enter the value of CYGWIN for the daemon". We don't know > what this is about, so we first let it at the default value, just hitting Enter. > In the next try, we answered "netsec" and hit Enter (as found on stackoverflow). > In the third try, we answered "binmode netsec" and hit Enter (as found on the > Oracle website). > > However, the behavior was the same regardless of what answer we had given there. > > - Our goal is to run the Cygwin cron daemon as a Windows service, to have that > Windows service log on as "cyg_server" (not "Administrator" or "System), and to > let the cron daemon execute crontabs from different users (including the user > "Administrator"). > > The service is starting and reads Administrator's crontab, but when trying to > execute the entries, it can't do that and errors out with "(CRON) error (can't > switch user context)". We haven't installed crontabs for other users yet, > because the crontab of Administrator is the most important one, so we'd like to > concentrate on solving that problem first. > > We are aware that there are many tutorials and Q&A on the net which deal with > exactly this subject. However, none of the proposed solutions worked for us. > > We would be very glad if you could give us some hints how to solve the problem. > P.S. Please note that /var/log/cron.log and /home/Administrator/cron.log are > both empty, so we didn't attach them. I changed mine to run under LocalSystem account when system upgraded, had cyglsa installed previously (not used now I believe), and set passwd -R for account. Don't forget to either set PATH to scripts in crontab or set for system before cygrunsrv starts cron as a Windows service. Start by running a simple test script to create some date-time dependent variable file name at some minute so you can change that to get it run immediately. It won't run again for an hour, which gives you time to tweak your setup, and change the crontab to run it the next minute. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]