New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

windows_task incorrectly requires password when defining a task for the current user #7834

Open
datallah opened this Issue Oct 31, 2018 · 7 comments

Comments

Projects
None yet
6 participants
@datallah

datallah commented Oct 31, 2018

Description

windows_task

Chef Version

14.5.33

Platform Version

Windows 10

Replication Case

A scheduled task can be successfully defined (and runs) using the "schtasks" command via a powershell_script resource:

powershell_script 'gitbackup-schtasks' do
  cwd 'C:/bjsdev'
  code <<-EOH
    schtasks /CREATE /TN "gitbackup" /F /SC "daily" /MO "1" /ST "12:21" /TR "powershell -NonInteractive -File C:/bjsdev/tools/backup_git_repos.ps1" /RU "#{ENV['USERDOMAIN']}\\#{ENV['USERNAME']}"
  EOH
end

However when I try to define the task using the windows_task resource, I get the error referenced in the Client Output.

windows_task 'gitbackup' do
  command 'powershell -NonInteractive -File "C:/bjsdev/tools/backup_git_repos.ps1"'
  cwd 'C:/bjsdev'
  force true
  frequency :daily
  start_time '12:21'
  user "#{ENV['USERDOMAIN']}\\#{ENV['USERNAME']}"
end

Client Output

ArgumentError
-------------
Cannot specify a user other than the system users without specifying a password!. Valid passwordless users: 'NT AUTHORITY\SYSTEM', 'SYSTEM', 'NT AUTHORITY\LOCALSERVICE', 'NT AUTHORITY\NETWORKSERVICE', 'BUILTIN\USERS', 'USERS'

Stacktrace

Generated at 2018-10-31 16:09:07 -0400
ArgumentError: Cannot specify a user other than the system users without specifying a password!. Valid passwordless users: 'NT AUTHORITY\SYSTEM', 'SYSTEM', 'NT AUTHORITY\LOCALSERVICE', 'NT AUTHORITY\NETWORKSERVICE', 'BUILTIN\USERS', 'USERS'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/resource/windows_task.rb:226:in `validate_user_and_password'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/resource/windows_task.rb:140:in `after_created'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/resource_builder.rb:73:in `build'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/dsl/declare_resource.rb:314:in `build_resource'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/dsl/declare_resource.rb:271:in `declare_resource'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/dsl/resources.rb:38:in `windows_task'
C:/bjsdev/bootstrap/cache/cookbooks/kickstart/recipes/windows.rb:182:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `instance_eval'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/cookbook_version.rb:199:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:350:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:306:in `block in include_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:305:in `each'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:305:in `include_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/dsl/include_recipe.rb:26:in `include_recipe'
C:/bjsdev/bootstrap/cache/cookbooks/kickstart/recipes/default.rb:4:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `instance_eval'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/cookbook_version.rb:199:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:350:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:306:in `block in include_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:305:in `each'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:305:in `include_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/dsl/include_recipe.rb:26:in `include_recipe'
C:/bjsdev/bootstrap/cache/cookbooks/kickstart/recipes/tms4s_all.rb:3:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `instance_eval'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/mixin/from_file.rb:34:in `from_file'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/cookbook_version.rb:199:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:350:in `load_recipe'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context/cookbook_compiler.rb:166:in `block in compile_recipes'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context/cookbook_compiler.rb:163:in `each'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context/cookbook_compiler.rb:163:in `compile_recipes'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context/cookbook_compiler.rb:79:in `compile'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/run_context.rb:199:in `load'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/policy_builder/expand_node_object.rb:97:in `setup_run_context'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/client.rb:515:in `setup_run_context'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/client.rb:281:in `run'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/application.rb:303:in `run_with_graceful_exit_option'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/application.rb:279:in `block in run_chef_client'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/local_mode.rb:44:in `with_server_connectivity'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/application.rb:261:in `run_chef_client'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/application/client.rb:440:in `run_application'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/lib/chef/application.rb:66:in `run'
C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.5.33-universal-mingw32/bin/chef-client:25:in `<top (required)>'
C:/opscode/chef/bin/chef-client:75:in `load'
C:/opscode/chef/bin/chef-client:75:in `<main>'
@Vasu1105

This comment has been minimized.

Contributor

Vasu1105 commented Nov 1, 2018

@datallah Coudl you please post the values for this "#{ENV['USERDOMAIN']}\#{ENV['USERNAME']}" ?

@datallah

This comment has been minimized.

datallah commented Nov 1, 2018

Those are standard Windows Environment variables.
https://ss64.com/nt/syntax-variables.html

I'd rather not post the real values, but, here is some more information and examples:

USERDOMAIN contains the value of the Windows domain that the user is logged into (e.g. MYCORPORATION)

USERNAME contains the username of the user that is logged into windows (e.g. john.smith)

So the full string becomes MYCORPORATION\john.smith

@jugatsu

This comment has been minimized.

Contributor

jugatsu commented Nov 2, 2018

You should provide password property when using non SYSTEM users
https://github.com/chef/chef/blob/master/lib/chef/resource/windows_task.rb#L235

@Vasu1105

This comment has been minimized.

Contributor

Vasu1105 commented Nov 2, 2018

windows_task resource requires the password to be provided for non SYSTEM users since the windows_task creates task which runs in non-interactive mode that runs task whether user logged in or not. We currently not supporting task creation without password for non SYSTEM users.

@datallah

This comment has been minimized.

datallah commented Nov 2, 2018

@jugatsu Yes, I understand that that is what needs to be done now, but my point is that it shouldn't be the case.

I guess this becomes an enhancement request :)

@stuartpreston

This comment has been minimized.

Member

stuartpreston commented Nov 6, 2018

Yes, to be clear the enhancement here would be to allow the current user (the user running chef-client) to create a task without providing the password.

@Nimesh-Msys

This comment has been minimized.

Contributor

Nimesh-Msys commented Nov 9, 2018

I think the root cause and a possible resolution of this issue is as below but let us first consider the working of IT/NP parameters of SCHTASKS:

  • For a Non-System user: (like in this issue)
    • SCHTASKS does not require any password for the task to run interactively (IT)
    • By default it creates an interactive task
    • And prompts for the password if not given (require a password) for Non-Interactive run (NP)
  • For a System user:(/RU "SYSTEM")
    • SCHTASKS does not require any password in neither NP nor IT case
    • And always creates a task to be run in Non-Interactive mode only

On the other hand windows_task resource creates Non-Interactive tasks by default which requires both username and password for a non-system user. This is similar to SCHTASKS but the discrepancy is in the default behavior of their interactive_enabled property.

Hence few validations needs to be modify here to allow a Non-System user to create a task without a password, when interactive_enabled is set to true.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment