Comment # 7 on bug 1165502 from 
(In reply to Archie Cobbs from comment #6)
> The only check that seems to be causing the error is the JVM check
> that runs sudo (see below for entire script).

sudo is a bit special as it opens a new session including a logind one. This
part is debatable but that's currently the way it works on openSUSE.

That said, logind shouldn't open a new session (for root) because the execution
of the script is already part of a session which was opened by sshd for
'pexpnagios' user. But for some reasons, this check seems to fail sometimes.

> From /etc/passwd:
> 
>     pexpnagios:x:1000:100::/home/pexpnagios:/bin/bash
> 

So nothing fancy here.

> > BTW did you make any modification in the pam stuff ?
> 
> I hope not. But to digress a bit, often when I do a "zypper dup" to upgrade
> to a newer version of openSUSE, there are RPM config file conflicts in
> /etc/pam.d. This is really annoying and it's never clear how to resolve
> these.
> 
> It appears that two things that don't know about each other are conflicting:
> (a) the /etc/pam.d/common-foo files are normal files owned by the "pam" RPM,
> but (b) the "pam-config" RPM turns them into symlinks. So any time the "pam"
> RPM is upgraded and changes any of the common-foo files, you get an RPM
> config file conflict. 

If you have never modified files in pam.d and you got conflicts then it sounds
like a bug, feel free to open a new report.

> Anyway, don't know if that has anything to do with this. Here's the contents
> of those file:

You can also check for modified files with "rpm -V pam".

> [root@test.stv.pexp] 837 cat common-session
> #%PAM-1.0
> #
> # This file is autogenerated by pam-config. All changes
> # will be overwritten.
> #
> # Session-related modules common to all services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define tasks to be performed
> # at the start and end of sessions of *any* kind (both interactive and
> # non-interactive
> #
> session	optional	pam_systemd.so

Can you enable the debug logs for pam_systemd ?

To do so replace the line above with :

session    optional    pam_systemd.so debug

IOW append "debug" to the line.

> This is our homebrew check_jvm Nagios check:
> 
> ======== cut here ============

Please next time *attach* the script or any file to this report instead of
pasting them here as it makes the comments needlessly long and hard to read.

You are receiving this mail because: