[opensuse-support] pam.so listed by `zypper ps` ???
Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed. How the heck could this state have been acheived, and how scared should I be to reboot, etc.? TIA Output follows: The following running processes use deleted files: PID | PPID | UID | User | Command | Service | Files ------+-------+------+---------+-----------------+-----------------+-------------------------------------- 1 | 0 | 0 | root | systemd | | /lib64/libpam.so.0.84.2 781 | 1 | 0 | root | ModemManager | ModemManager | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 782 | 1 | 0 | root | irqbalance | irqbalance | /usr/lib64/libglib-2.0.so.0.5400.3 792 | 1 | 0 | root | cupsd | cups | /lib64/libpam.so.0.84.2 857 | 1 | 0 | root | bluetoothd | bluetooth | /usr/lib64/libglib-2.0.so.0.5400.3 873 | 1 | 469 | polkitd | polkitd | polkit | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 1335 | 1 | 0 | root | sshd | sshd | /lib64/libpam.so.0.84.2 1405 | 1 | 0 | root | lightdm | display-manager | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /lib64/libpam.so.0.84.2 1413 | 1 | 0 | root | accounts-daemon | accounts-daemon | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 1496 | 1 | 0 | root | cron | cron | /lib64/libpam.so.0.84.2 6798 | 1 | 0 | root | upowerd | upower | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 24659 | 24658 | 1000 | myuser | systemd | | /lib64/libpam.so.0.84.2 You may wish to restart these processes. See 'man zypper' for information about the meaning of values in the above table. Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 27/12/2018 23.52, Michael Fischer wrote:
Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed.
How the heck could this state have been acheived, and how scared should I be to reboot, etc.?
After updating packages using rpm, zypper, or yast, files that were in use can't be actually deleted and remain in use. Thus you have to restart the affected applications or services - but some of them can not be easily restarted, so instead it is easier to reboot. If you don't, well, the security update that you did is not in fact applied and you are still running the vulnerable versions. On some cases, you may have in memory inconsistent libraries (one updated, one old), I list below the actions you can do instead of rebooting.
The following running processes use deleted files:
PID | PPID | UID | User | Command | Service | Files ------+-------+------+---------+-----------------+-----------------+-------------------------------------- 1 | 0 | 0 | root | systemd | | /lib64/libpam.so.0.84.2
reboot.
781 | 1 | 0 | root | ModemManager | ModemManager | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3
Ignore. Maybe restart network manager would do the trick.
782 | 1 | 0 | root | irqbalance | irqbalance | /usr/lib64/libglib-2.0.so.0.5400.3
Dunno.
792 | 1 | 0 | root | cupsd | cups | /lib64/libpam.so.0.84.2
systemctl restart cupsd
857 | 1 | 0 | root | bluetoothd | bluetooth | /usr/lib64/libglib-2.0.so.0.5400.3
dunno.
873 | 1 | 469 | polkitd | polkitd | polkit | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
dunno.
1335 | 1 | 0 | root | sshd | sshd | /lib64/libpam.so.0.84.2
systemctl restart sshd
1405 | 1 | 0 | root | lightdm | display-manager | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /lib64/libpam.so.0.84.2
log out init 3 init 5
1413 | 1 | 0 | root | accounts-daemon | accounts-daemon | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
dunno
1496 | 1 | 0 | root | cron | cron | /lib64/libpam.so.0.84.2
systemctl restart cron
6798 | 1 | 0 | root | upowerd | upower | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
Dunno
24659 | 24658 | 1000 | myuser | systemd | | /lib64/libpam.so.0.84.2
Unsure. Only that tiny list? :-p Just reboot when feasible. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
* Carlos E. R.
On 27/12/2018 23.52, Michael Fischer wrote:
Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed.
How the heck could this state have been acheived, and how scared should I be to reboot, etc.?
After updating packages using rpm, zypper, or yast, files that were in use can't be actually deleted and remain in use. Thus you have to restart the affected applications or services - but some of them can not be easily restarted, so instead it is easier to reboot.
If you don't, well, the security update that you did is not in fact applied and you are still running the vulnerable versions.
On some cases, you may have in memory inconsistent libraries (one updated, one old),
I list below the actions you can do instead of rebooting.
The following running processes use deleted files:
PID | PPID | UID | User | Command | Service | Files ------+-------+------+---------+-----------------+-----------------+-------------------------------------- 1 | 0 | 0 | root | systemd | | /lib64/libpam.so.0.84.2
reboot.
systemctl daemon-reexec or systemctl daemon-reload
781 | 1 | 0 | root | ModemManager | ModemManager | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3
Ignore. Maybe restart network manager would do the trick.
systemctl restart ModemManager
782 | 1 | 0 | root | irqbalance | irqbalance | /usr/lib64/libglib-2.0.so.0.5400.3
systemctl restart irqbalance
792 | 1 | 0 | root | cupsd | cups | /lib64/libpam.so.0.84.2
systemctl restart cupsd
857 | 1 | 0 | root | bluetoothd | bluetooth | /usr/lib64/libglib-2.0.so.0.5400.3
systemctl restart bluetooth or bluetoothctl restart
873 | 1 | 469 | polkitd | polkitd | polkit | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
dunno.
systemctl restart polkit
1335 | 1 | 0 | root | sshd | sshd | /lib64/libpam.so.0.84.2
systemctl restart sshd
but you must also disconnect and reconnect the ssh sessions
1405 | 1 | 0 | root | lightdm | display-manager | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /lib64/libpam.so.0.84.2
log out init 3 init 5
1413 | 1 | 0 | root | accounts-daemon | accounts-daemon | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
dunno
systemctl restart accounts-daemon
1496 | 1 | 0 | root | cron | cron | /lib64/libpam.so.0.84.2
systemctl restart cron
6798 | 1 | 0 | root | upowerd | upower | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3
Dunno
systemctl restart upower
24659 | 24658 | 1000 | myuser | systemd | | /lib64/libpam.so.0.84.2
Unsure.
kill -9 24659
Only that tiny list? :-p
Just reboot when feasible.
-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 28/12/2018 01.42, Patrick Shanahan wrote:
* Carlos E. R.
[12-27-18 18:55]: On 27/12/2018 23.52, Michael Fischer wrote:
I list below the actions you can do instead of rebooting.
The following running processes use deleted files:
PID | PPID | UID | User | Command | Service | Files ------+-------+------+---------+-----------------+-----------------+-------------------------------------- 1 | 0 | 0 | root | systemd | | /lib64/libpam.so.0.84.2
reboot.
systemctl daemon-reexec or systemctl daemon-reload
AFAIK that might reload the child daemons, but not PID 1. I have tried once or twice and failed.
1335 | 1 | 0 | root | sshd | sshd | /lib64/libpam.so.0.84.2
systemctl restart sshd
but you must also disconnect and reconnect the ssh sessions
Eventually :-) -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On Thu, Dec 27, Patrick Shanahan wrote:
* Carlos E. R.
[12-27-18 18:55]: On 27/12/2018 23.52, Michael Fischer wrote:
Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed.
How the heck could this state have been acheived, and how scared should I be to reboot, etc.?
After updating packages using rpm, zypper, or yast, files that were in use can't be actually deleted and remain in use. Thus you have to restart the affected applications or services - but some of them can not be easily restarted, so instead it is easier to reboot.
If you don't, well, the security update that you did is not in fact applied and you are still running the vulnerable versions.
On some cases, you may have in memory inconsistent libraries (one updated, one old),
Patrick, Carlos, Thanks for the tips. I figured a reboot and login would cover the whole list. However, it is unclear to me how the ONLY versioned libpam.so I seem to have on my system is one I can do without. Surely there must be _some_ version as the target of the usual symlink(s)??? $ locate libpam /etc/apparmor.d/abstractions/libpam-systemd /lib/libpam.so.0 /lib/libpam.so.0.84.2 /lib/libpam_misc.so.0 /lib/libpam_misc.so.0.82.1 /lib/libpamc.so.0 /lib/libpamc.so.0.82.1 /lib64/libpam.so.0 /lib64/libpam.so.0.84.2 /lib64/libpam_misc.so.0 /lib64/libpam_misc.so.0.82.1 /lib64/libpamc.so.0 /lib64/libpamc.so.0.82.1 /usr/lib64/libpam.so /usr/lib64/libpam_misc.so /usr/lib64/libpamc.so $ l /usr/lib64/libpam.so lrwxrwxrwx 1 root root 23 Dec 3 10:16 /usr/lib64/libpam.so -> /lib64/libpam.so.0.84.2 $ l /lib64/libpam.so.0 lrwxrwxrwx 1 root root 16 Dec 3 10:15 /lib64/libpam.so.0 -> libpam.so.0.84.2 So.. if that file is only showing up for `ls` because some processes still have it open, and I shut down those processes... doesn't this suggest that e.g. systemd and login will get very unhappy because there is NO 64-bit libpam.so on the system? (or at least the symlink targets are gone) What part of this have I got horribly wrong? The above understanding of the situation, or that I managed to do some zypper command which removed some much needed libraries? Thanks Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 28/12/2018 03.19, Michael Fischer wrote:
On Thu, Dec 27, Patrick Shanahan wrote:
* Carlos E. R. <> [12-27-18 18:55]:
Patrick, Carlos,
Thanks for the tips. I figured a reboot and login would cover the whole list. However, it is unclear to me how the ONLY versioned libpam.so I seem to have on my system is one I can do without. Surely there must be _some_ version as the target of the usual symlink(s)???
$ locate libpam /etc/apparmor.d/abstractions/libpam-systemd /lib/libpam.so.0 /lib/libpam.so.0.84.2 <=== /lib/libpam_misc.so.0 /lib/libpam_misc.so.0.82.1 /lib/libpamc.so.0 /lib/libpamc.so.0.82.1 /lib64/libpam.so.0 /lib64/libpam.so.0.84.2 /lib64/libpam_misc.so.0 /lib64/libpam_misc.so.0.82.1 /lib64/libpamc.so.0 /lib64/libpamc.so.0.82.1 /usr/lib64/libpam.so /usr/lib64/libpam_misc.so /usr/lib64/libpamc.so
$ l /usr/lib64/libpam.so lrwxrwxrwx 1 root root 23 Dec 3 10:16 /usr/lib64/libpam.so -> /lib64/libpam.so.0.84.2
$ l /lib64/libpam.so.0 lrwxrwxrwx 1 root root 16 Dec 3 10:15 /lib64/libpam.so.0 -> libpam.so.0.84.2
So.. if that file is only showing up for `ls` because some processes still have it open, and I shut down those processes... doesn't this suggest that e.g. systemd and login will get very unhappy because there is NO 64-bit libpam.so on the system? (or at least the symlink targets are gone)
What part of this have I got horribly wrong? The above understanding of the situation, or that I managed to do some zypper command which removed some much needed libraries?
The only thing you did "half wrong" is not noticing that you had to reboot after some update, and this is very common. People often say that in Windows you always need to reboot so often, and that in Linux you don't need to reboot. This is not true, in Linux sometimes you need to reboot, sometimes not, but it is simply easier to reboot than figuring out the list. After *any* update just run "zypper ps", try to restart the services they list, and if not, just log out. Run zypper ps in one of the text mode consoles, and if still something is there, reboot. And just run the updates at a moment in your schedule when rebooting is not a problem. With practice, from the list of things to update, you may figure out if a reboot will be necessary, a log out, a restart of the graphical session, or just a restart of some service or application. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
Am 28.12.18 um 04:11 schrieb Carlos E. R.:
On 28/12/2018 03.19, Michael Fischer wrote:
... The only thing you did "half wrong" is not noticing that you had to reboot after some update, and this is very common. People often say that in Windows you always need to reboot so often, and that in Linux you don't need to reboot. This is not true, in Linux sometimes you need to reboot, sometimes not, but it is simply easier to reboot than figuring out the list.
It seems usually not necessary with Leap if one uses its update service within KDE. Peter -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 28/12/2018 09.40, Peter McD wrote:
Am 28.12.18 um 04:11 schrieb Carlos E. R.:
On 28/12/2018 03.19, Michael Fischer wrote:
... The only thing you did "half wrong" is not noticing that you had to reboot after some update, and this is very common. People often say that in Windows you always need to reboot so often, and that in Linux you don't need to reboot. This is not true, in Linux sometimes you need to reboot, sometimes not, but it is simply easier to reboot than figuring out the list.
It seems usually not necessary with Leap if one uses its update service within KDE.
It does not matter at all how you update to hit this issue or not. It only depends on what package is updated. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
participants (4)
-
Carlos E. R.
-
Michael Fischer
-
Patrick Shanahan
-
Peter McD