cron error can't switch user context

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

cron error can't switch user context

Tom Schutter-2
I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.

Cronevents on lemon shows:

2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)

/var/log/cron.log is empty on all machines.

The cron daemon is running as SYSTEM on all machines.

cyglsa is running on all machines.

cygserver is not running on any machine.

I have rerun cron-config, rebooted, etc.

I have searched the net, but most solutions seem to involve Cygwin 1.5 and no cyglsa.

Does anyone have any suggestions?

--
Tom Schutter
First American Spatial Solutions
303-440-7272 x6822
512-977-6822

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Tom Schutter-2
I have attached cronbug.txt as per the cron-config instructions.

Note that the original cronbug.txt was over 5MB.  I edited cronbug.txt and removed 46000 lines of cronevents output.  Is there any way of cleaning out old cron entries from the event log?

On Fri 2010-04-16 13:42, Tom Schutter wrote:

> I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
>
> Cronevents on lemon shows:
>
> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)
>
> /var/log/cron.log is empty on all machines.
>
> The cron daemon is running as SYSTEM on all machines.
>
> cyglsa is running on all machines.
>
> cygserver is not running on any machine.
>
> I have rerun cron-config, rebooted, etc.
>
> I have searched the net, but most solutions seem to involve Cygwin 1.5 and no cyglsa.
>
> Does anyone have any suggestions?
>
> --
> Tom Schutter
> First American Spatial Solutions
> 303-440-7272 x6822
> 512-977-6822
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
--
Tom Schutter
First American Spatial Solutions
303-440-7272 x6822
512-977-6822

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

cronbug.txt (26K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Pierre A Humblet
----- Original Message -----
From: "Tom Schutter"
To: cygwin
Sent: Friday, April 16, 2010 15:29


|I have attached cronbug.txt as per the cron-config instructions.
|
| Note that the original cronbug.txt was over 5MB.  I edited cronbug.txt and removed 46000 lines
of cronevents output.  Is there any way of cleaning out old cron entries from the event log?
|
| On Fri 2010-04-16 13:42, Tom Schutter wrote:
| > I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on
one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
| >
| > Cronevents on lemon shows:
| >
| > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python
/cygdrive/f/production-sync/production-sync.py)
| > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user
context)
| >
| > /var/log/cron.log is empty on all machines.
| >
| > The cron daemon is running as SYSTEM on all machines.
| >
| > cyglsa is running on all machines.
| >

Hi,

I should perhaps modify cronbug to use "tail" with cronevents, but it's unusual to see
a report that cron is broken yet there are 46000 lines in the log!
I assume cron used to work, then something happened and it stopped working.
Or there is something special about the tschutter account.
Can you identify the "something" ?
Any difference between the lemon and the others?

It's  most likly not a cron problem, but something to do with cyglsa. I have never
used it, don't have a system like yours to test and there is no such previous report.
So not sure what to recommend.
Does password-less ssh work for tschutter ?
If you can't identify the "something", you could try to strace cron on the lemon
and on another machine. Here is the recipe.

Stop the cron service.
Use a simple crontab that runs every minute, for only one user.
Using cygrunsrv, create a new service runing "strace" with argument "cron" under SYSTEM
1)  cygrunsrv -I trace_cron -p /usr/bin/strace -a /usr/sbin/cron
2)  cygrunsrv -S trace_cron
3)  Let this run for no more than 2 minutes, output will be in /var/log/trace_cron.log
     You may have to use kill -9 to stop the service (kill the cron pid)
4)  Send the trace_cron.log file as an attachment.
5)  Remove the trace_cron service
Restart cron

Pierre


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Cyrille Lefevre
In reply to this post by Tom Schutter-2

Le 16/04/2010 20:42, Tom Schutter a écrit :
>
> I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
>
> Cronevents on lemon shows:
>
> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)
>
> /var/log/cron.log is empty on all machines.

let's configure syslogd from inetutils to have some logs :
syslogd-config --yes

you may need to configure sshd before to have the right permissions
on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}"
--pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=cyg_server and
CYGSERVER_PASS=whatever you want)

PS : well, I prefer the legacy one than the ng one...

PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on
tasks return codes as a true unix does... (i.e.: <  root 1331 c Tue Feb
  2 17:32:36 MET 2010 rc=1)

> The cron daemon is running as SYSTEM on all machines.

2K3 may need to be running under cyg_server ?

to configure cron, I use :

cron-config << EOF
yes

no
no
no
${CYGSERVER_PASS}
${CYGSERVER_PASS}
no
EOF

PS : doesn't support csih yet :-(

> cyglsa is running on all machines.

did you reboot after configuring cyglsa ?

> cygserver is not running on any machine.

2K3 may need cygserver as well as passwd -D?

> I have rerun cron-config, rebooted, etc.

well, ok, you surelly have rebooted :-)

> I have searched the net, but most solutions seem to involve Cygwin 1.5 and no cyglsa.
>
> Does anyone have any suggestions?

done.

Cordialement,

Cyrille Lefevre
--
mailto:[hidden email]



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Cyrille Lefevre

Le 17/04/2010 00:06, Cyrille Lefevre a écrit :
>> cygserver is not running on any machine.
>
> 2K3 may need cygserver as well as passwd -D?

s/-D/-R/ sorry

Cordialement,

Cyrille Lefevre
--
mailto:[hidden email]



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Tom Schutter-2
In reply to this post by Pierre A Humblet
On Fri 2010-04-16 16:15, Pierre A. Humblet wrote:
> I should perhaps modify cronbug to use "tail" with cronevents, but it's unusual to see
> a report that cron is broken yet there are 46000 lines in the log!

The 46000 lines came from running a script once a minute under Cygwin 1.5.  It stopped working once I migrated to Cygwin 1.7.
I agree that cronbug should tail cronevents.

> I assume cron used to work, then something happened and it stopped working.
> Or there is something special about the tschutter account.
> Can you identify the "something" ?
> Any difference between the lemon and the others?

There must be a difference, I just can't figure out what it is.

> It's  most likly not a cron problem, but something to do with cyglsa. I have never
> used it, don't have a system like yours to test and there is no such previous report.
> So not sure what to recommend.

I am suspecting cyglsa as well.

> Does password-less ssh work for tschutter ?

Yes.

> If you can't identify the "something", you could try to strace cron on the lemon
> and on another machine. Here is the recipe.
>
> Stop the cron service.
> Use a simple crontab that runs every minute, for only one user.
> Using cygrunsrv, create a new service runing "strace" with argument "cron" under SYSTEM
> 1)  cygrunsrv -I trace_cron -p /usr/bin/strace -a /usr/sbin/cron
> 2)  cygrunsrv -S trace_cron
> 3)  Let this run for no more than 2 minutes, output will be in /var/log/trace_cron.log
>      You may have to use kill -9 to stop the service (kill the cron pid)
> 4)  Send the trace_cron.log file as an attachment.
> 5)  Remove the trace_cron service
> Restart cron
I have attached the first 1500 lines of a strace log on lemon and from another working machine.
I think the interesting part is at about line 1245 where you see the second occurrence of the string "lsaauth".
On lemon (cron broken) it appears that LsaLogonUser fails a windows error 87 (invalid parameter?).
On px03 (cron works) it appears that lsaauth() succeeds and that it then loads the tschutter registry_hive.

But now I know the difference between lemon and the rest of the machines.  lemon is running Cygwin 1.7.5.  px03 is running Cygwin 1.7.1.  I just upgraded another machine from 1.7.1 to 1.7.5 and cron is broken on that machine as well.

--
Tom Schutter
First American Spatial Solutions
303-440-7272 x6822
512-977-6822

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

trace_cron-lemon.log (179K) Download Attachment
trace_cron-px03.log (178K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Tom Schutter-2
In reply to this post by Cyrille Lefevre
On Fri 2010-04-16 17:06, Cyrille Lefevre wrote:

>
> Le 16/04/2010 20:42, Tom Schutter a écrit :
> >
> > I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
> >
> > Cronevents on lemon shows:
> >
> > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
> > 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)
> >
> > /var/log/cron.log is empty on all machines.
>
> let's configure syslogd from inetutils to have some logs :
> syslogd-config --yes

I don't have a syslogd-config.  Ok.  So I installed inetutils.  Now I have a syslogd-config which I have just run.  And I have started syslogd.
After setting up syslogd, I still see an empty /var/log/cron.log and /var/log/messages.

> you may need to configure sshd before to have the right permissions
> on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}"
> --pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=cyg_server and
> CYGSERVER_PASS=whatever you want)

I am not sure what sshd has to do with cron.  In my case sshd cannot run as the cygserver user because it must be a domain user.

> PS : well, I prefer the legacy one than the ng one...
>
> PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on
> tasks return codes as a true unix does... (i.e.: <  root 1331 c Tue Feb
>   2 17:32:36 MET 2010 rc=1)
>
> > The cron daemon is running as SYSTEM on all machines.
>
> 2K3 may need to be running under cyg_server ?

Why?  I have not seen any doc stating that.

> to configure cron, I use :
>
> cron-config << EOF
> yes
>
> no
> no
> no
> ${CYGSERVER_PASS}
> ${CYGSERVER_PASS}
> no
> EOF
>
> PS : doesn't support csih yet :-(

Your yes and no responses do not match what cron-config asks me:

lemon:/$ cron-config
Do you want to install the cron daemon as a service? (yes/no) yes
Enter the value of CYGWIN for the daemon: [ ]

You must decide under what account the cron daemon will run.
If you are the only user on this machine, the daemon can run as yourself.
   This gives access to all network drives but only allows you as user.
To run multiple users, cron must change user context without knowing
  the passwords. There are three methods to do that, as explained in
  http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
If all the cron users have executed "passwd -R" (see man passwd),
  which provides access to network drives, or if you are using the
  cyglsa package, then cron should run under the local system account.
Otherwise you need to have or to create a privileged account.
  This script will help you do so.
Do you want the cron daemon to run as yourself? (yes/no) no

Were the passwords of all cron users saved with "passwd -R", or
are you using the cyglsa package ? (yes/no) yes
The cron daemon will run as SYSTEM.

Running cron_diagnose ...
... no problem found.

Do you want to start the cron daemon as a service now? (yes/no) yes
OK. The cron daemon is now running.

In case of problem, examine the log file for cron,
/var/log/cron.log, and the appropriate syslog file
for information about the problem cron is having.

Examine also any cron.log file in the HOME directory
(or the file specified in MAILTO) and cron related files in /tmp.

If you cannot fix the problem, then report it to [hidden email].
Please run the script /usr/bin/cronbug and ATTACH its output
(the file cronbug.txt) to your e-mail.

WARNING: PATH may be set differently under cron than in interactive shells.
         Names such as "find" and "date" may refer to Windows programs.

lemon:/$

It appears that cron-config decides to run cron under the SYSTEM account because I indicated that I was using cyglsa.

> > cyglsa is running on all machines.
>
> did you reboot after configuring cyglsa ?
>
> > cygserver is not running on any machine.
>
> 2K3 may need cygserver as well as passwd -D?

If I do a "passwd -R", cron will work.  But I don't want to do a "passwd -R".  I am forced to change my password every 60 days.  Then I would have to go to every cygwin box and change the password there as well.

> > I have rerun cron-config, rebooted, etc.
>
> well, ok, you surelly have rebooted :-)
>
> > I have searched the net, but most solutions seem to involve Cygwin 1.5 and no cyglsa.
> >
> > Does anyone have any suggestions?
>
> done.

--
Tom Schutter
First American Spatial Solutions
303-440-7272 x6822
512-977-6822

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|

Re: cron error can't switch user context

Cyrille Lefevre

Le 17/04/2010 01:43, Tom Schutter a écrit :
> On Fri 2010-04-16 17:06, Cyrille Lefevre wrote:
>> Le 16/04/2010 20:42, Tom Schutter a écrit :

http://www.cygwin.com/acronyms/#PCYMTWLL

>>> I have number of machines running Windows2003 and Cygwin 1.7.5.  On most cron works.  But on one (lemon) it does not.  It appears that on lemon cron cannot switch the user context.
>>>
>>> Cronevents on lemon shows:
>>>
>>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (tschutter) CMD (/usr/bin/python /cygdrive/f/production-sync/production-sync.py)
>>> 2010/04/15 17:19:01 [SYSTEM] /usr/sbin/cron: PID 656: (CRON) error (can't switch user context)
>>>
>>> /var/log/cron.log is empty on all machines.
>>
>> let's configure syslogd from inetutils to have some logs :
>> syslogd-config --yes
>
> I don't have a syslogd-config.  Ok.  So I installed inetutils.  Now I have a syslogd-config which I have just run.  And I have started syslogd.
> After setting up syslogd, I still see an empty /var/log/cron.log and /var/log/messages.

did you restart cron ?
here is my log for an * * * * * date >> /tmp/date.log entry :
Apr 17 12:20:40 MV0213 /usr/sbin/cron: PID 2668: (CRON) STARTUP (V5.0)
Apr 17 12:20:41 MV0213 cron: PID 3364: `cron' service started
Apr 17 12:21:01 MV0213 /usr/sbin/cron: PID 3064: (root) CMD (date >>
/tmp/date.log)

>> you may need to configure sshd before to have the right permissions
>> on /var/empty, etc. (ssh-host-config --yes --user "${CYGSERVER_USER}"
>> --pwd "${CYGSERVER_PASS}" where CYGSERVER_USER=cyg_server and
>> CYGSERVER_PASS=whatever you want)
>
> I am not sure what sshd has to do with cron.

IFAIK, if you configure cron w/o configure ssh first, cron-diagnose will
break.

 > In my case sshd cannot run as the cygserver user because it must be a
domain user.

under 2K3, I'm running sshd w/ a local cyg_server account + lsa + passwd
-R w/o problems whatever the passwordless account is local admin or not
or domain lambda user. not tried using a domain admin since I don't have
access to a domain admin account. however, a local admin is sufficient
to stop/start services, etc. so, a domain admin isn't required...

>> PS : well, I prefer the legacy one than the ng one...
>>
>> PS2: IMHO, linux^Wcygwin cron(^W^Wlinux) sucks bcoz it doesn't report on
>> tasks return codes as a true unix does... (i.e.:<   root 1331 c Tue Feb
>>    2 17:32:36 MET 2010 rc=1)
>>
>>> The cron daemon is running as SYSTEM on all machines.
>>
>> 2K3 may need to be running under cyg_server ?
>
> Why?  I have not seen any doc stating that.
>
>> to configure cron, I use :
>>
>> cron-config<<  EOF
>> yes
>>
>> no
>> no
>> no
>> ${CYGSERVER_PASS}
>> ${CYGSERVER_PASS}
>> no
>> EOF
>>
>> PS : doesn't support csih yet :-(
>
> Your yes and no responses do not match what cron-config asks me:
>
> lemon:/$ cron-config
> Do you want to install the cron daemon as a service? (yes/no) yes
> Enter the value of CYGWIN for the daemon: [ ]
>
> You must decide under what account the cron daemon will run.
> If you are the only user on this machine, the daemon can run as yourself.
>     This gives access to all network drives but only allows you as user.
> To run multiple users, cron must change user context without knowing
>    the passwords. There are three methods to do that, as explained in
>    http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> If all the cron users have executed "passwd -R" (see man passwd),
>    which provides access to network drives, or if you are using the
>    cyglsa package, then cron should run under the local system account.
> Otherwise you need to have or to create a privileged account.
>    This script will help you do so.
> Do you want the cron daemon to run as yourself? (yes/no) no
>
> Were the passwords of all cron users saved with "passwd -R", or
> are you using the cyglsa package ? (yes/no) yes

try to answer no, here, then, you will be asked for cyg_server
password... and may still use passwd -R :-)

> The cron daemon will run as SYSTEM.
>
> Running cron_diagnose ...
> ... no problem found.
>
> Do you want to start the cron daemon as a service now? (yes/no) yes
> OK. The cron daemon is now running.

well, the last no is because I prefer to launch the service myself :-)

<snip>

> lemon:/$
>
> It appears that cron-config decides to run cron under the SYSTEM account because I indicated that I was using cyglsa.
>
>>> cyglsa is running on all machines.
>>
>> did you reboot after configuring cyglsa ?
>>
>>> cygserver is not running on any machine.
>>
>> 2K3 may need cygserver as well as passwd -D?

s/-D/-R/ sorry

> If I do a "passwd -R", cron will work.  But I don't want to do a "passwd -R".  I am forced to change my password every 60 days.  Then I would have to go to every cygwin box and change the password there as well.

don't know how to make things work w/o passwd -R, sorry.

however, an "ssh net user user passwd" is not so hard to do :-)
alternative, if using a local account is "net user user /expire:no"

<snip>

Regards,

Cyrille Lefevre
--
mailto:[hidden email]



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple