Bug 433459
| Summary: | PAM audit_log_acct_message() failed: Operation not permitted | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matteo Corti <matteo> |
| Component: | pam | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | CC: | drees76, john.mellor, jr-redhatbugs2, liboska |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 0.99.8.1-17.1.fc8 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-02-26 00:21:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matteo Corti
2008-02-19 13:59:52 UTC
I'm also seeing this with the new pam package. To reproduce, add the following line to /etc/crontab: * * * * * nobody /bin/true Result: Feb 19 12:19:01 server CROND[1785]: PAM audit_log_acct_message() failed: Operation not permitted Feb 19 12:20:01 server CROND[1787]: PAM audit_log_acct_message() failed: Operation not permitted ... It is actually harmless message but it of course needs to be removed so it doesn't clutter up the logs. I fear that this is not only an harmless message since httpd refuses to authenticate users using pam. From my httpd error log: [Tue Feb 19 14:05:50 2008] [error] [client 129.132.57.95] PAM: user 'corti' - not authenticated: Authentication failure When I try to use a page which uses mod_auth_pam.so I am pretty convinced that this is caused by pam since the errors began with pam's update (and httpd remained the same). Do you see any other messages in /var/log/secure that could be related? Could you try to restart httpd whether that helps? (not for removing the message but for the authentication failure) Also if you're running with SELinux enabled, do you see any AVC messages in audit log from SELinux? Sorry I forgot to put the /var/log/secure entries related to httpd: Feb 19 14:35:23 sp2002a httpd: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=corti I get the problem only with httpd (logging in using the console or ssh with the same user and password does not give any problem). Looking on the web I found out that having apache not able to read /etc/shadow causes the same error message but I checked and the permissions are OK (I even tried with su to become the user apache and read the file to check if everything was OK) I currently no not have SELinux enabled: $ sestatus SELinux status: disabled Restarting httpd, increasing log verbosity does not bring any change. Thanks for the quick reaction. Ah yes, that's actually a different problem. It is within the pam_unix module. I'll fix it as well. Can you try the pam packages from http://koji.fedoraproject.org/koji/taskinfo?taskID=443904 whether they fix both problems? Hi, I just updated pam and pam-devel and your build solves both problems: * no more error messages in /var/log/secure * httpd & mod_auth_pam work without problems Many thanks for the incredibly quick fix. pam-0.99.8.1-17.1.fc8 has been submitted as an update for Fedora 8 pam-0.99.8.1-17.fc8 also breaks xdm logins (console logins are unaffected). Update to pam-0.99.8.1-17.1.fc8 fixes this. (In reply to comment #11) > pam-0.99.8.1-17.fc8 also breaks xdm logins (console logins are > unaffected). Update to pam-0.99.8.1-17.1.fc8 fixes this. This is not resolved by the new packages but by restarting xdm after the upgrade. If you didn't upgrade but restart the xdm it should fix this intermittent problem as well. pam-0.99.8.1-17.1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update pam'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-1881 *** Bug 433789 has been marked as a duplicate of this bug. *** *** Bug 434563 has been marked as a duplicate of this bug. *** I'm still seeing the error in /var/log/secure after upgrading to pam-0.99.8.1-17.1.fc8: CROND[28756]: PAM audit_log_acct_message() failed: Operation not permitted I think this could actually be a bug in vixie-cron? You need to restart crond after upgrading pam. This solved the problem in my case You are right. I did restart crond, but still had a single message pop up after the restart, but after that, they have stopped. I am still getting 'CROND[12893]: PAM audit_log_acct_message() failed: Operation not permitted' error messages in secure log on our 40+ fedora 8 hosts even after updated to pam-0.99.8.1-17.fc8 and restarting crond service. *** Bug 434657 has been marked as a duplicate of this bug. *** (In reply to comment #19) > I am still getting 'CROND[12893]: PAM audit_log_acct_message() failed: Operation > not permitted' error messages in secure log on our 40+ fedora 8 hosts even after > updated to pam-0.99.8.1-17.fc8 and restarting crond service. Try update to pam-0.99.8.1-17.1.fc8 + restart crond. Fixed it for me on two fedora 8 servers and also on 2 workstations. I also had this error on the screenlock: Feb 25 12:58:25 xps gnome-screensaver-dialog: PAM audit_log_acct_message() failed: Operation not permitted But also that one has gone away now with pam-0.99.8.1-17.1.fc8 (and for cron restarting that daemon). pam-0.99.8.1-17.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. pam-0.99.8.1-17.1.fc8 seem to fixed the issue after installing it on 6 fedora 8 hosts and restarting crond service. I'll let you know after installing it on all other hosts. Yeap pam-0.99.8.1-17.1.fc8 solved the issue on all 40+ hosts. |