130242 – Cron/PAM logging crontabs

Bug 130242 - Cron/PAM logging crontabs

Summary: Cron/PAM logging crontabs

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	vixie-cron
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jason Vas Dias
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	145761 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-08-18 13:58 UTC by Reuben Farrelly
Modified:	2007-11-30 22:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-08-18 14:43:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Reuben Farrelly 2004-08-18 13:58:57 UTC

Description of problem:
Due to the changes/upgrade to vixie-cron, all crontabs not run by 
root now log the change in user, each time the crontab is run.

for example:

Aug 19 00:30:01 tornado crond(pam_unix)[31595]: session opened for 
user apache by (uid=0)
Aug 19 00:30:02 tornado crond(pam_unix)[31595]: session closed for 
user apache

This serves to clutter up /var/log/messages and serves no real useful 
purpose, especially if you have a crontab that runs every 5 minutes 
(as I do, for some MRTG graphs).  This logging also makes a whole lot 
of unnecessary noise in the logwatch summary that is sent out every 
night as logwatch.

Version-Release number of selected component (if applicable):
4.1-9

How reproducible:
Always

Steps to Reproduce:
1. Set up a crontab to run as a non-root user
2. Watch /var/log/messages
3.
    

Additional info:

This behaviour only started occuring since vixie-cron was updated to 
version 4.

I understand that this bug may be more appropriately classed as 
a "PAM" problem than "vixie cron" :)

Comment 1 Jason Vas Dias 2004-08-18 14:43:31 UTC

Yes, PAM logs "auth.info" messages to /var/log/messages for every
new user session - you'll see the same messages when you do an "su"
or "login" command. This is outside of cron's control .
You can direct these messages to not be logged, by for instance
changing this line in /etc/syslog.conf:

*.info;mail.none;news.none;authpriv.none;cron.none; /var/log/messages

to :
*.info;mail.none;news.none;authpriv.none;cron.none;auth.none
/var/log/messages

That will disable logging of ALL auth.* messages.

This is a local configuration change you are free to make, but 
the default will remain to log all auth.info messages.

Comment 2 Jason Vas Dias 2005-01-21 15:09:24 UTC

*** Bug 145761 has been marked as a duplicate of this bug. ***

Comment 3 Matthew Miller 2005-05-11 13:57:45 UTC

Disabling all auth.info messages seems like it's throwing the baby out with the
bathwater here. The every-minute cron messsages seriously clutter the log, and
it'd be really really nice to have a way to deal with this specifically.

Maybe the session section of /etc/pam.d/cron.d could be changed to not stack
with system-auth and instead call pam_unix with a parameter which tells it to
tone down the auth.info logging?

Comment 4 Matthew Miller 2005-05-11 14:02:29 UTC

In fact, it looks like all the session module of pam_unix *does* is log.

Note You need to log in before you can comment on or make changes to this bug.