On Thu, 27 May 2004, Mike Kenny - BCX - Mngd Services wrote: > > From: Larry Hall [mailto:[EMAIL PROTECTED]
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>. > > At 03:52 AM 5/26/2004, you wrote: > > >I previously posted a problem where a job failed attaching to an MQ > > >Q Manager when run from cron. The explanation that was provided > > >was that because MQ authenticates the user using the NT services > > >and cron had had to su to that user, bypassing these services, that > > >the user running the job did not then have the correct credentials. > > > > > >This sounds plausible and certainly explains the behaviour I see, but > > >what would be involved in cron checking to see under which user the > > >cygwin session is running and if this is the same user as the cygwin > > >cron service is running under. If they are the same then do not do > > >the change of user? Would this enable the cron job to run with the > > >correct credentials? Or am I totally misunderstanding the problem? > > >I admit that I know little or nothing about either Windows security > > >or how cygwin interacts with it. > > > > > >Thanks for any comments on this > > > > > > In the default installation, the user doing the "su" (as you refer to > > it) is the SYSTEM user. The SYSTEM user has no access to remote SMB > > shares. So your idea doesn't work because it assumes something that > > isn't true. > > > > One possible alternative is to run cron as the user you want to run > > jobs as. I don't recall, off-the-top-of-my-head, whether cron assumes > > that it will run as SYSTEM and, if so, this approach probably wouldn't > > work without changing the code. Another alternative might be to use a > > service which allows accessing remote directories without requiring > > Windows authentication (i.e. not SMB). > > Larry, first, thanks for taking the time to respond. Possibly I do not > understand your comments, but I am confused by the reference to shares. > I have a situation where, on the windows side, cron is running as user > 'mqdisp'. This user is a member of the mqm group (required for MQ Series) > and is an Administrator with permissions to log in as a service and to act > as part of the Operating System. On the cywin side, mqdisp is the user that > is trying to run the cron job that attaches to MQ Series. My event log is > showing me the following: > > [754] MQSeries > Type: WARNING > Computer: TEST1 > Time: 2004/05/27 10:50:14 ID: 8074 > Authorization failed as the SID 'S-1-5-21-776561741-1935655697-1343024091-1007' does > not match the entity 'system'. > The Object Authority Manager received inconsistent data - the supplied SID does > not match that of the supplied entity information. > Ensure that the application is supplying valid entity and SID information. > > While /etc/passwd has the following: > > SYSTEM:*:18:544:,S-1-5-18:: > mqdisp:unused_by_nt/2000/xp:1007:513:mqdisp,U-TEST1\mqdisp,S-1-5-21-776561741-1935655697-1343024091-1007:/home/mqdisp:/bin/bash > > The PS shows that cron is running as SYSTEM, and it seems that it is trying > to use mqdisp's credentials to authenticate system. > > I hope the above better explains my problem. Did you look at <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID>? > BTW, is there some way that I can login as 'system'? This might provide a > way around this problem. There is, but I doubt it'd be helpful. That said, Google for "system-owned shell cygwin". > Thanks for any input to this Just try what's already been suggested -- run the cron daemon as mqdisp (if that's the only thing you're using cron for) by using the --user and --passwd options to cygrunsrv. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ [EMAIL PROTECTED] ZZZzz /,`.-'`' -. ;-;;,_ [EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! "I have since come to realize that being between your mentor and his route to the bathroom is a major career booster." -- Patrick Naughton -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
