Comment 20 for bug 27520

Nathan Stratton Treadway (nathanst) wrote : Re: [Bug 27520] Re: cron daemon starts before LDAP client, causing "ORPHAN" message for all LDAP-defined users

On Sat, May 14, 2011 at 23:48:56 -0000, Christian Kastner wrote:
> cron 3.0pl1-117, which is currently pending upload
> in Debian (after which it will be sync'ed to
> Ubuntu), adds detection and recovery for certain
> kinds of errors we were missing so far.
> Theoretically, this could easily be extended to the
> ORPHAN case, but I'd have to give this some more
> thought (eg: what if ORPHAN is justified, ie the
> user really does not exist).

I think the point here is that cron can't assume that
a crontab is really, permanently ORPHAN just because
the user can't be validated when cron first starts up.

Instead, cron needs to re-check the status of the
user each time it "considers" running a particular
crontab, in case the user has come into "existence"
since the last time it checked.

(If I have followed the program logic correctly [I
just took a quick look through the source for the
Lucid package], I think the opposite situation
can also cause problems.

That is, right now it appears that if an
LDAP/NIS/whatever user is deleted after cron has
already started up, cron will continue to try to run
the defined jobs for that user until it has some other
reason to reload the database. Presumably there will
be a PAM failure when trying to spawn the jobs as the
user in question, but it seems like it would be
"cleaner" to write an explicit log message saying that
the crontab's user was not found, and then completely
skip that user's crontab for that run....)

     Nathan