This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Windows 2003 Server & Cygwin Cron

This is a follow-up to my original post. I've done some work offline with a
couple of people on this, but wanted to bring the issue, and current
findings, back to the list.

Summary: Windows 2003 server, set up crond per Corinna's directions (posted
below). Once a user (pick a user, any user) does a 'crontab -e', crond
reports 'CANT OPEN (tabs/user)'

At this point, the tabs/user file is owned by user.SYSTEM  If I change the
ownership to user.Administrators, crond is happy and so am I because my cron
jobs run.

So, I have a workaround (manually change the protection on the tabs/user
file to user.Administrators after a 'crontab -e'). I'm posting this in case
others run into the problem, and with the hope that a future rev of cron
will address this problem.



From: "Benn Schreiber" <bls at starwhite dot net>
To: <cygwin at cygwin dot com>
Date: Tue, 16 Dec 2003 08:51:26 -0800
Subject: Re: Windows 2003 Server & Cygwin Cron

I am running on Windows 2003 server, and set up cron_server per this note.
The cron server starts just fine, but reports that it can't open
tabs/theuser (where theuser is the user account name).

The protection on tabs/theuser is 640 o.g is user.SYSTEM  which is probably
why cron server can't open it. I changed the group to administrators, which
cron_server is part of, but unfortunately, a 'crontab -e' resets the group



From: Corinna Vinschen <corinna-cygwin at cygwin dot com> 
To: cygwin at cygwin dot com 
Date: Tue, 11 Nov 2003 10:02:53 +0100 
Subject: Re: Windows 2003 Server & Cygwin Cron 
References: <> 
Reply-to: cygwin at cygwin dot com 
On Mon, Nov 10, 2003 at 03:26:07PM -0700, Brian Cruikshank wrote:
>  I have tried putting
> the everyone group on the Local Security policies for "Create a token
> object", "Logon as service", and "Replace a process level token".  The
> problem still happens.

URGH!  Don't do this.  Remove the Everyone group from these rights
again.  The easiest way is to follow the ssh-host-config script in
creating a special account:

  net user cron_server <passwd> /add /yes
  net localgroup <administrators_group_name> cron_server /add
  editrights -a SeAssignPrimaryTokenPrivilege -u cron_server
  editrights -a SeCreateTokenPrivilege -u cron_server
  editrights -a SeIncreaseQuotaPrivilege -u cron_server
  editrights -a SeServiceLogonRight -u cron_server
  mkpasswd -l -u cron_server >> /etc/passwd

For security reasons:
  editrights -a SeDenyInteractiveLogonRight -u cron_server
  editrights -a SeDenyNetworkLogonRight -u cron_server
  editrights -a SeDenyRemoteInteractiveLogonRight -u cron_server

And then create a cron service using that account:
  cygrunsrv -I cron -p /usr/sbin/cron -a -D -u cron_server -w <passwd>

> By the way, I see reference to a cron README file that should have been in
> the install.  I cannot find it anywhere yet.  Did it get lost in the new
> releases or is it hiding somewhere other than /usr/doc?



Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]