Windows 2003 Server & Cygwin Cron

Benn Schreiber bls@starwhite.net
Wed Dec 17 20:00:00 GMT 2003


This is a follow-up to my original post. I've done some work offline with a
couple of people on this, but wanted to bring the issue, and current
findings, back to the list.

Summary: Windows 2003 server, set up crond per Corinna's directions (posted
below). Once a user (pick a user, any user) does a 'crontab -e', crond
reports 'CANT OPEN (tabs/user)'

At this point, the tabs/user file is owned by user.SYSTEM  If I change the
ownership to user.Administrators, crond is happy and so am I because my cron
jobs run.

So, I have a workaround (manually change the protection on the tabs/user
file to user.Administrators after a 'crontab -e'). I'm posting this in case
others run into the problem, and with the hope that a future rev of cron
will address this problem.

Thanks

Benn

From: "Benn Schreiber" <bls at starwhite dot net>
To: <cygwin at cygwin dot com>
Date: Tue, 16 Dec 2003 08:51:26 -0800
Subject: Re: Windows 2003 Server & Cygwin Cron

I am running on Windows 2003 server, and set up cron_server per this note.
The cron server starts just fine, but reports that it can't open
tabs/theuser (where theuser is the user account name).

The protection on tabs/theuser is 640 o.g is user.SYSTEM  which is probably
why cron server can't open it. I changed the group to administrators, which
cron_server is part of, but unfortunately, a 'crontab -e' resets the group
to SYSTEM.

Thanks

Benn

From: Corinna Vinschen <corinna-cygwin at cygwin dot com> 
To: cygwin at cygwin dot com 
Date: Tue, 11 Nov 2003 10:02:53 +0100 
Subject: Re: Windows 2003 Server & Cygwin Cron 
References: <NPEOLGGPKHICABBIJEIBCELECCAA.brian@cruik.org> 
Reply-to: cygwin at cygwin dot com 
________________________________________
On Mon, Nov 10, 2003 at 03:26:07PM -0700, Brian Cruikshank wrote:
>  I have tried putting
> the everyone group on the Local Security policies for "Create a token
> object", "Logon as service", and "Replace a process level token".  The
> problem still happens.

URGH!  Don't do this.  Remove the Everyone group from these rights
again.  The easiest way is to follow the ssh-host-config script in
creating a special account:

  net user cron_server <passwd> /add /yes
  net localgroup <administrators_group_name> cron_server /add
  editrights -a SeAssignPrimaryTokenPrivilege -u cron_server
  editrights -a SeCreateTokenPrivilege -u cron_server
  editrights -a SeIncreaseQuotaPrivilege -u cron_server
  editrights -a SeServiceLogonRight -u cron_server
  mkpasswd -l -u cron_server >> /etc/passwd

For security reasons:
  editrights -a SeDenyInteractiveLogonRight -u cron_server
  editrights -a SeDenyNetworkLogonRight -u cron_server
  editrights -a SeDenyRemoteInteractiveLogonRight -u cron_server

And then create a cron service using that account:
  cygrunsrv -I cron -p /usr/sbin/cron -a -D -u cron_server -w <passwd>

> By the way, I see reference to a cron README file that should have been in
> the install.  I cannot find it anywhere yet.  Did it get lost in the new
> releases or is it hiding somewhere other than /usr/doc?

/usr/share/doc/...

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list