This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

/usr/bin/cron-config can render a Win2K3 box unusable

I'm on Windows Server 2003 and carefully read through
/usr/share/doc/Cygwin/cron-4.1-57.README prior to configuring cron.
The guide discusses how a privileged user account is required in order
to run cron.  The script  /usr/bin/cron-config gives you the option of
creating a user account on behalf (e.g. cyg_server) or using your own
account, i.e.

"Since Windows2003, the SYSTEM account cannot setuid to other users.
You may need to have or to create a privileged account."

*** Throughout the setup process, there is no suggestion that using
your own Administrative account, or the BUILTIN "Administrator"
account is discouraged ****

However, the script /usr/bin/cron-config will set NT Rights
"SeDenyInteractiveLogonRight, SeDenyNetworkLogonRight,
SeDenyRemoteInteractiveLogonRight".  In the case of a newly created
account is this fine, but if it is a user supplied account then the
account is instantly locked out.

In the case of a Win2K3 box with only one administrative account, i.e.
"Administrator" (and everyone else running using under priv accounts
in a terminal services environment) this turns out to be catastrophic.

Can the script please be modified to at least WARN the user that these
rights will be applied.  It seems to me that "your own" account can't
really be used at all, for if the rights "SeDenyInteractiveLogonRight,
SeDenyNetworkLogonRight, SeDenyRemoteInteractiveLogonRight" are all
applied then the account cannot be used interactively.

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]