Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Message-ID: <01a701c22205$fa650320$0100a8c0@advent02>
From: "Chris January"
References: <3D2077F5 DOT 1000505 AT dufair DOT org>
Subject: Re: Suggestions for cron/suid script? (accessing network shares)
Date: Tue, 2 Jul 2002 21:20:58 +0100

> > I recently got cron set up on my Win2K box. What a treat not to have to use
> > Windows' built-in scheduler! Given that cron runs as SYSTEM, what I'm
> > wondering is this: Is there any way to get cron to see my network shares?
> > Specifically, I'm tar/gzipping my Cygwin home dir and want to copy the
> > tarball to a directory on my LAN (Novell share) for which my logged-in
> > account is the only trustee. When I run a script that
> > tries to map it with "net use", I get an error that implies a permissions
> > issue. I'm not likely to be able to convince the network folks to change
> > permissions to add my local SYSTEM acct to this share, so I wonder if
> > there's some way to do it with, say, an SUID perl script or something. I
> > briefly tried creating one, but not being super familiar with suid, I'm
> > having no luck. Any advice would be welcome. Thanks!
>
> There are some earlier messages in the archives on this (including a recent
> one from me). The short answer seems to be "sorry, you can't do it".
>
> Being a nosy type, and a bit stubborn, I'm still trying to either:
> a) Understand exactly why I can't do it, or better
> b) Figure out how to do it.
>
> Pursuing a):
> I put an "id" and an "env" and a "net use" in one of the scripts I run from
> cron.
>
> "id" returns:
> uid=11823(dond) gid=18(SYSTEM) groups=0(Everyone),18(SYSTEM),\
> 10513(Domain Users),11459(Special)
> ("dond" is my domain user login; I broke the line myself.) The only
> difference here from running under the Cygwin shell is the gid; in the
> latter case, the gid is 11459. It appears that crond is indeed "su"ing to
> my user, although keeping its own group.
>
> Among the "env" output occurs the following:
> CYGWIN=tty ntsec
>
> "net use" gives:
> Status       Local     Remote                    Network
> -------------------------------------------------------------------------------
> Unavailable  H:        \\server1\d$              Microsoft Windows Network
> Unavailable  I:        \\server2\d$              Microsoft Windows Network
> Unavailable  K:        \\server3\users           Microsoft Windows Network
> Disconnected           \\server4\common          Microsoft Windows Network
> The command completed successfully.
>
> Finally, I tried "net use u: '\\server5\Users\dond'", and got the following:
> System error 53 has occurred.
> The network path was not found.
> New connections will be remembered.
>
> So, the question seems to become: why doesn't "su"ing to my domain user give
> the process "enough power" to see network paths?

I don't think the setuid bit works by default. That would require a 'watcher'
process (i.e. cygserver) which had sufficient privileges to log on as a user
without a password to set the new processes' token.

These links explain why the SYSTEM account can't access network drives:

Service Running as System Account Fails Accessing Network (Q124184)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q124184

Local System Account and Null Sessions in Windows NT (Q132679)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q132679

Using the System Account as a Service in Windows NT 3.5 (Q122702)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q122702

Regards
Chris
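
Added example, not part of the original message or of Cygwin: a pre-flight check a cron-started backup script could run before copying to a share, fed with the "id" and "net use" output quoted in the thread. The function names, the exit codes, the gid=18 test and the assumption that a usable mapping shows status "OK" belong to this example only.

```bash
#!/bin/bash
# Added example; function names and exit codes are hypothetical.

# True if id(1) output shows SYSTEM (gid 18) as the primary group, which is
# what the cron-started script in the message above reported.
runs_with_system_gid() {
    case "$1" in
        *"gid=18(SYSTEM)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the Status column of the "net use" row for one drive letter.
drive_status() {    # $1 = "net use" output, $2 = drive letter, e.g. H:
    printf '%s\n' "$1" | awk -v d="$2" '$2 == d { print $1; exit }'
}

# 0 = safe to copy, 1 = SYSTEM-context job, 2 = drive missing or not OK.
share_preflight() { # $1 = id output, $2 = "net use" output, $3 = drive
    if runs_with_system_gid "$1"; then
        echo "refusing: job carries the SYSTEM group, no network credentials" >&2
        return 1
    fi
    _st=$(drive_status "$2" "$3")
    if [ "$_st" != "OK" ]; then   # assumption: a usable mapping reads "OK"
        echo "refusing: drive $3 is '${_st:-not mapped}'" >&2
        return 2
    fi
    return 0
}

# Output quoted in the message above (the id line is rejoined).
CRON_ID='uid=11823(dond) gid=18(SYSTEM) groups=0(Everyone),18(SYSTEM),10513(Domain Users),11459(Special)'
CRON_NET_USE='Status       Local     Remote                    Network
-------------------------------------------------------------------------------
Unavailable  H:        \\server1\d$              Microsoft Windows Network
Unavailable  I:        \\server2\d$              Microsoft Windows Network
Unavailable  K:        \\server3\users           Microsoft Windows Network
Disconnected           \\server4\common          Microsoft Windows Network
The command completed successfully.'
# Constructed for contrast: an interactive login with a working K: mapping.
LOGIN_ID='uid=11823(dond) gid=11459(Special) groups=0(Everyone),10513(Domain Users),11459(Special)'
LOGIN_NET_USE='OK           K:        \\server3\users           Microsoft Windows Network'

# In a real job: share_preflight "$(id)" "$(net use)" K: || exit 1
share_preflight "$CRON_ID" "$CRON_NET_USE" K: || echo "pre-flight exit code: $?"
```

Failing early with a distinct exit code keeps the job from writing the tarball to a local fallback path or silently skipping the copy when the share is unreachable.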