Description of problem: Due to the changes/upgrade to vixie-cron, all crontabs not run by root now log the change in user, each time the crontab is run. for example: Aug 19 00:30:01 tornado crond(pam_unix)[31595]: session opened for user apache by (uid=0) Aug 19 00:30:02 tornado crond(pam_unix)[31595]: session closed for user apache This serves to clutter up /var/log/messages and serves no real useful purpose, especially if you have a crontab that runs every 5 minutes (as I do, for some MRTG graphs). This logging also makes a whole lot of unnecessary noise in the logwatch summary that is sent out every night as logwatch. Version-Release number of selected component (if applicable): 4.1-9 How reproducible: Always Steps to Reproduce: 1. Set up a crontab to run as a non-root user 2. Watch /var/log/messages 3. Additional info: This behaviour only started occuring since vixie-cron was updated to version 4. I understand that this bug may be more appropriately classed as a "PAM" problem than "vixie cron" :)
Yes, PAM logs "auth.info" messages to /var/log/messages for every new user session - you'll see the same messages when you do an "su" or "login" command. This is outside of cron's control . You can direct these messages to not be logged, by for instance changing this line in /etc/syslog.conf: *.info;mail.none;news.none;authpriv.none;cron.none; /var/log/messages to : *.info;mail.none;news.none;authpriv.none;cron.none;auth.none /var/log/messages That will disable logging of ALL auth.* messages. This is a local configuration change you are free to make, but the default will remain to log all auth.info messages.
*** Bug 145761 has been marked as a duplicate of this bug. ***
Disabling all auth.info messages seems like it's throwing the baby out with the bathwater here. The every-minute cron messsages seriously clutter the log, and it'd be really really nice to have a way to deal with this specifically. Maybe the session section of /etc/pam.d/cron.d could be changed to not stack with system-auth and instead call pam_unix with a parameter which tells it to tone down the auth.info logging?
In fact, it looks like all the session module of pam_unix *does* is log.