From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <carrier@berkeley.edu>
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com
 [IPv6:2607:f8b0:4864:20::42b])
 by sourceware.org (Postfix) with ESMTPS id 7BFDA3857C4F
 for <cygwin@cygwin.com>; Wed, 25 Nov 2020 23:13:40 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 7BFDA3857C4F
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=berkeley.edu
Authentication-Results: sourceware.org;
 spf=pass smtp.mailfrom=carrier@berkeley.edu
Received: by mail-pf1-x42b.google.com with SMTP id b63so3749985pfg.12
 for <cygwin@cygwin.com>; Wed, 25 Nov 2020 15:13:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=berkeley-edu.20150623.gappssmtp.com; s=20150623;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=hKeCDFForxnuKbICy0LMgcPWnusX3a7c9dedNchGM8M=;
 b=Xdui4EaiqYrimrWG8dLnQXGDgFODLR1z7MzztgFuFlEHZ5DrHIQctwAUxC3DyfEHBD
 BsEekENu9blIyHyY5b0z0eR0AxGHz7sQ13i0FuxxAd7+RGbHuawEqZrRaOSE+V/nO/6X
 DbFSpP3fQ9wf+sNsWtHTLO6PFWMn0qaeX3rZCKYyR1SV/XTaXbz8FhmdFYDCH4EoECtT
 uCJ1lYmBmawiJyvaThgSrD1z2IBDlPc3aNp5NUq1l9hyccKCwXpNZtJMqMp26I7rVaT6
 7nX1m80u5UYCX5v7hM4tHXufXv+JADmd13R0ZhjBIdLqOOhDv2K0f/DT/nhM34TK13tW
 cO4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=hKeCDFForxnuKbICy0LMgcPWnusX3a7c9dedNchGM8M=;
 b=SljSsfzU9MROckitEurEVUrir6LyeIQeFStzbdNgKbAdQrmLqh5eggnrqyjGwwAOMm
 KwFr0G2LAOiPss9e9ZiWwiiVQrastj638MQT9NY6m3y1hg575ZAOR0qMBIK2GDWS9XC5
 15fVgp85rlTe40SssxHshCa0lBYMi9KV34eh3a6SU1idwnBQ0LKo7jW864ua/fLZZuzP
 tTEDdTNuQ0b2OvEodhlQ+oNopVGmTCqmFmXsznbwAlQVcADHlNbAmkrEXtx4zVVYXNxu
 dd9MpHbCugkLCEWpSxpT03b4+3IIoEbvJ7B6S1D1Gzt3J0srl8dyLST8Q7sWvMp+hULz
 uiTg==
X-Gm-Message-State: AOAM533AES+91FKhCn+9Nh4LNxHPjcCsOKfXxLEpyVqlLAX+w3IzafNP
 xaGD6zmCdeuXekz9EmdTQtC9/8eBztqriQ==
X-Google-Smtp-Source: ABdhPJysHPoQltoTrcGFPcRei8lX+Evv8c+QOAavhQazH3WKSSKw16YvqMRRNQfzAqmvvrxqlsXh8Q==
X-Received: by 2002:a17:90a:7343:: with SMTP id j3mr89982pjs.51.1606346019019; 
 Wed, 25 Nov 2020 15:13:39 -0800 (PST)
Received: from iguana.crashland.org
 (ec2-52-35-100-111.us-west-2.compute.amazonaws.com. [52.35.100.111])
 by smtp.gmail.com with ESMTPSA id f18sm2830630pfa.167.2020.11.25.15.13.38
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 25 Nov 2020 15:13:38 -0800 (PST)
Received: by iguana.crashland.org (Postfix, from userid 510)
 id 7F17F61406; Wed, 25 Nov 2020 15:13:37 -0800 (PST)
Date: Wed, 25 Nov 2020 15:13:37 -0800
From: Stephen Carrier <carrier@berkeley.edu>
To: cygwin@cygwin.com
Subject: Re: CRON executes CRONTABS only when run from terminal as
 "/usr/sbin/cron &"
Message-ID: <20201125231337.GA31791@iguana.crashland.org>
References: <CAFWoy7F4Kjv_KSLhBCGaCuMzztLnZr+9GVKedHv7C=RvuwWtMQ@mail.gmail.com>
 <20201116204433.GA16928@iguana.crashland.org>
 <20201116204948.GB16928@iguana.crashland.org>
 <CAFWoy7F8UG+gx-TiFL=U03dRnnbW0iuTspSiE_5ETAuUr_n+8Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFWoy7F8UG+gx-TiFL=U03dRnnbW0iuTspSiE_5ETAuUr_n+8Q@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 23:13:42 -0000

>From an e-mail reply that was not posted to the list:

On Wed, Nov 18, 2020 at 04:04:40PM -0700, Keith Christian wrote:
> On Mon, Nov 16, 2020 at 1:49 PM Stephen Carrier <carrier@berkeley.edu> wrote:
> >
> > On Mon, Nov 16, 2020 at 12:44:33PM -0800, Stephen Carrier wrote:
> > > On Sun, Nov 15, 2020 at 02:03:28PM -0700, Keith Christian via Cygwin wrote:
> > > > Cygwin people,
> > > >
> > > > Running with this version of Cygwin.
> > > > CYGWIN_NT-10.0 DESKTOP-ASERVER 3.1.7(0.340/5/3) 2020-08-22 17:48 x86_64 Cygwin
> > > >
> > > > Windows info:
> > > > $ /lib/csih/winProductName.exeMicrosoft Windows 10 Professional,
> > > > 64-bit (build 18363)
> > > >
> > > > I installed using cron-config, and created the cyg_server user.cron
> > > > starts OK, but does not appear to execute the crontabs.
> > > > No messages or errors  in /var/log/cron.log.
> > > >
> > > > $ cygrunsrv -Q cron
> > > > Service             : cron
> > > > Display name        : Cron daemon
> > > > Current State       : Running
> > > > Controls Accepted   : Stop
> > > > Command             : /usr/sbin/cron -n
> > >
> > > What's the output of "cygrunsrv -V -Q cron"?
> > >
> > > What are the file permissions on /var/log/cron.log? ("ls -l
> > > /var/log/cron.log").  The uid running cron needs write permission there.
> > >
> > > I run cron from the Local System account, which can setuid to other users.
> > > I don't know the circumstances where one should still use a non-SYSTEM
> > > account with Windows 10, but they aren't mine and I recommend running
> > > as SYSTEM if possible.
> > >
> > > Stephen
> >
> > I have also found the output of "cronevents" helpful.
> 
> Stephen,
> 
> Thanks very much for the reply.
> 
> The README file may be accurate, but mentions adding users to
> /etc/passwd, which we left behind a long time ago.
> 
>             $ ls -l /usr/share/doc/Cygwin/cron-4.1-65.README
>             -rwxr-xr-x 1 keith keith 5304 Feb 15  2010
> /usr/share/doc/Cygwin/cron-4.1-65.README
> 
> Here is the diagnostic output;
> 
>         $ cygrunsrv -V -Q cron
>         Service             : cron
>         Display name        : Cron daemon
>         Current State       : Running
>         Controls Accepted   : Stop
>         Command             : /usr/sbin/cron -n
>         stdin path          : /dev/null
>         stdout path         : /var/log/cron.log
>         stderr path         : /var/log/cron.log
>         Environment         : CYGWIN=" " TMP="/tmp" TEMP="/tmp"
>         Process Type        : Own Process
>         Startup             : Automatic
>         Account             : .\cyg_server

This looks OK and verfies that the service is running under 'cyg_server'
which is not the Local System account.  As I would have expected from
your description.
 
>         $ ls -l /var/log/cron.log
>         -rw-r--r-- 1 cyg_server None 0 Nov 15 11:11 /var/log/cron.log

Nothing has been logged, but the service should be able to log here if
it has anything to say, since cyg_server has write-permission.

>         $ cronevents | grep error | tail
>         2020/11/18 15:50:01 [cyg_server] /usr/sbin/cron: PID 10382:
> (CRON) error (can't switch user context)
>         2020/11/18 15:50:01 [cyg_server] /usr/sbin/cron: PID 10384:
> (CRON) error (can't switch user context)
>         2020/11/18 15:51:02 [cyg_server] /usr/sbin/cron: PID 10387:
> (CRON) error (can't switch user context)
>         2020/11/18 15:51:02 [cyg_server] /usr/sbin/cron: PID 10388:
> (CRON) error (can't switch user context)

"Can't switch user context" means cyg_server can't change its user id.
This is exactly what I suspected.  The service would try to change
user id to the user that submitted the cron job so it can run with the
privileges of that user.

(simplifying a bit) In UNIX the user that can change to another uid
is root.  For windows the SYSTEM user has that ability so running
services as the SYSTEM user is the easiest thing to do for a service
(like cron or sshd) that needs to change uid.

For ancient versions of Windows this was not the case and it was necessary
to create a special user to own the service, then grant that special
user special privileges.  The setup script supports that and takes care
of the details.

My best recollection is that the setup script will ask if you want to
create the special user, and if you decline, the script will run the
service as SYSTEM user.  So what I suggest you try is to uninstall cron,
and install it again without creating a special account.  See if that
works better.

I ask the community at large if the cron configuration script should
detect whether the SYSTEM user will work and then just set it up that way.
I think trouble is caused by asking users to decide questions if they
don't understand the implications of the answer.

Alternatively, the script could explain that SYSTEM is preferable if
it will work, along with a brief description of when choosing a special
user is desirable.

> I'll wait for your reply before reconfiguring CRON.

Please don't put me in that position.  I have benefitted from the help of
others on this list many times, so I try to helpful when I'm in position
to do so.  I was not and am not the only person who can help you here,
You might have had a reply sooner if you had replied to the list instead
of just to me.

Further, if I say something incorrect, it would be valuable to you and
me both to have it corrected by someone who knows better.

Stephen