This is the mail archive of the
mailing list for the Cygwin project.
/usr/bin/cron-config can render a Win2K3 box unusable
- From: Patrick Rynhart <prynhart at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 17 Feb 2010 09:44:39 +1300
- Subject: /usr/bin/cron-config can render a Win2K3 box unusable
I'm on Windows Server 2003 and carefully read through
/usr/share/doc/Cygwin/cron-4.1-57.README prior to configuring cron.
The guide discusses how a privileged user account is required in order
to run cron. The script /usr/bin/cron-config gives you the option of
creating a user account on behalf (e.g. cyg_server) or using your own
"Since Windows2003, the SYSTEM account cannot setuid to other users.
You may need to have or to create a privileged account."
*** Throughout the setup process, there is no suggestion that using
your own Administrative account, or the BUILTIN "Administrator"
account is discouraged ****
However, the script /usr/bin/cron-config will set NT Rights
SeDenyRemoteInteractiveLogonRight". In the case of a newly created
account is this fine, but if it is a user supplied account then the
account is instantly locked out.
In the case of a Win2K3 box with only one administrative account, i.e.
"Administrator" (and everyone else running using under priv accounts
in a terminal services environment) this turns out to be catastrophic.
Can the script please be modified to at least WARN the user that these
rights will be applied. It seems to me that "your own" account can't
really be used at all, for if the rights "SeDenyInteractiveLogonRight,
SeDenyNetworkLogonRight, SeDenyRemoteInteractiveLogonRight" are all
applied then the account cannot be used interactively.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple