Bug 165571
Summary: | LTC19418- pam_unix spams /var/log/messages on cron jobs | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rudi Chiarito <nutello> |
Component: | pam | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | bugproxy, cwsulliv01, george_robinson, jvdias, menscher |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pam-0.99.6.2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-06 15:13:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 173926 |
Description
Rudi Chiarito
2005-08-10 15:23:23 UTC
Seeing this in RHEL 4 also; most junk a result of the sysstat package, which has a */10 minute cronjob. Makes logs fairly unreadable. This can be resolved only by adding "quiet" option to pam_unix for session calls. Then you could modify /etc/pam.d/system-auth to silence these messages. I have better idea but it would have to be accepted upstream first and it would require modification of pam patch in the cron. A PAM_LOG_ERRORS_ONLY flag could be added to PAM which services running regularly and not representing a security risk such as cron could add when PAM is called. The quiet option to pam_unix is not as useful because when added to system-auth it would silence all session calls even from daemons as ssh where the logging is useful and doesn't clutter the log file. ---- Additional Comments From corryk.com(prefers email via kevcorry.com) 2005-11-03 14:34 EDT ------- Reposting earlier comment from Emily which got missed by the mirroring tools: --- Additional Comment #2 From Emily J. Ratliff 2005-10-28 09:34 EDT ---- According to /usr/share/doc/pam-0.79/txts/README.pam_unix and the pam_unix_sess.c source, the only point to having pam_unix in the session stack is to provide this level of logging. This logging can be suppressed by commenting out the line in /etc/pam.d/crond that invokes the system-auth session stacking and uncommenting the session pam_limits line, since the only pam modules invoked in the system-auth session stack are pam_unix and pam_limits. So on a FC4 system, the /etc/pam.d/crond file would contain # # The PAM configuration file for the cron daemon # # auth sufficient pam_rootok.so auth required pam_stack.so service=system-auth auth required pam_env.so account required pam_stack.so service=system-auth account required pam_access.so #session required pam_stack.so service=system-auth session required pam_loginuid.so # To enable PAM user limits for cron jobs, # configure /etc/security/limits.conf and # uncomment this line: session required pam_limits.so # Yes, this makes sense. It would be probably the easiest way how to resolve this bug and it shouldn't break anything. This was fixed a long ago. |