Red Hat Bugzilla – Bug 130242
Cron/PAM logging crontabs
Last modified: 2007-11-30 17:10:47 EST
Description of problem:
Due to the changes/upgrade to vixie-cron, all crontabs not run by
root now log the change in user, each time the crontab is run.
Aug 19 00:30:01 tornado crond(pam_unix): session opened for
user apache by (uid=0)
Aug 19 00:30:02 tornado crond(pam_unix): session closed for
This serves to clutter up /var/log/messages and serves no real useful
purpose, especially if you have a crontab that runs every 5 minutes
(as I do, for some MRTG graphs). This logging also makes a whole lot
of unnecessary noise in the logwatch summary that is sent out every
night as logwatch.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up a crontab to run as a non-root user
2. Watch /var/log/messages
This behaviour only started occuring since vixie-cron was updated to
I understand that this bug may be more appropriately classed as
a "PAM" problem than "vixie cron" :)
Yes, PAM logs "auth.info" messages to /var/log/messages for every
new user session - you'll see the same messages when you do an "su"
or "login" command. This is outside of cron's control .
You can direct these messages to not be logged, by for instance
changing this line in /etc/syslog.conf:
That will disable logging of ALL auth.* messages.
This is a local configuration change you are free to make, but
the default will remain to log all auth.info messages.
*** Bug 145761 has been marked as a duplicate of this bug. ***
Disabling all auth.info messages seems like it's throwing the baby out with the
bathwater here. The every-minute cron messsages seriously clutter the log, and
it'd be really really nice to have a way to deal with this specifically.
Maybe the session section of /etc/pam.d/cron.d could be changed to not stack
with system-auth and instead call pam_unix with a parameter which tells it to
tone down the auth.info logging?
In fact, it looks like all the session module of pam_unix *does* is log.