Я пытаюсь запустить задание cron, но не как корень.
В контексте пользователя (скрыто) вот результаты crontab и cron.log:
Вывод crontab -l
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
*/1 * * * * whoami
Вывод /var/log/cron.log (последние 10 строк)
Nov 27 04:24:28 tor-car-rclone CRON[1865]: Permission denied
Nov 27 04:25:01 tor-car-rclone CRON[1870]: Permission denied
Nov 27 04:25:25 tor-car-rclone crontab[1871]: (domainuser@contoso.com) LIST (domainuser@contoso.com)
Nov 27 04:26:01 tor-car-rclone CRON[1875]: Permission denied
Nov 27 04:27:01 tor-car-rclone CRON[1877]: Permission denied
Nov 27 04:28:01 tor-car-rclone CRON[1879]: Permission denied
Nov 27 04:29:01 tor-car-rclone CRON[1884]: Permission denied
Nov 27 04:30:01 tor-car-rclone CRON[1887]: Permission denied
Nov 27 04:31:01 tor-car-rclone CRON[1889]: Permission denied
Nov 27 04:32:01 tor-car-rclone CRON[1894]: Permission denied
Это, очевидно, проблема с разрешениями, но я не уверен, где мне нужно назначать разрешения.
Итак, проблема была связана с GPO, поскольку ящик присоединен к домену AD.
Согласно https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908 , исправлено следующее:
Отредактируйте /etc/sssd/sssd.conf
Добавьте ad_gpo_access_control = permissive
в раздел [domain / corp.contoso.com]
.
Полный пример /etc/sssd/sssd.conf
[sssd]
domains = corp.contoso.com
config_file_version = 2
services = nss, pam
[domain/corp.contoso.com]
ad_domain = corp.contoso.com
krb5_realm = CORP.CONTOSO.com
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = ad
ad_gpo_access_control = permissive