[Bug 822424] New: cron is flooding /var/log/messages
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c0 Summary: cron is flooding /var/log/messages Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: wvvelzen@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Following messages are in /var/log/messages every 15 minutes: 2013-05-30T16:15:01.462234+02:00 vmhost /usr/sbin/cron[13925]: pam_unix(crond:session): session opened for user root by (uid=0) 2013-05-30T16:15:01.493598+02:00 vmhost /USR/SBIN/CRON[13925]: pam_unix(crond:session): session closed for user root This is probably triggered by the following line in /etc/crontab: # # check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly # -*/15 * * * * root test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1 It started after I did a 'zypper up' followed by a reboot on May 16th. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c Ye Yuan <yyuan@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yyuan@suse.com AssignedTo|bnc-team-screening@forge.pr |vdziewiecki@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c1 --- Comment #1 from Wilfred van Velzen <wvvelzen@gmail.com> 2013-05-31 06:41:04 UTC --- BTW: About the reproducibility: I'm noticing this behavior on my home desktop and a server. Both freshly installed with 12.3. Another server that has been upgraded twice (12.1 -> 12.2 -> 12.3), doesn't show this behavior... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c2 Boris Wesslowski <bw@inside-security.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bw@inside-security.de --- Comment #2 from Boris Wesslowski <bw@inside-security.de> 2013-06-25 03:52:43 UTC --- This is caused by PAM, one solution would be to change the file /etc/pam.d/common-session as follows: Add the line session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid between these two lines: session required pam_limits.so session required pam_unix.so try_first_pass -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c3 --- Comment #3 from Wilfred van Velzen <wvvelzen@gmail.com> 2013-06-25 05:34:56 UTC --- /etc/pam.d/common-session is a symlink to: /etc/pam.d/common-session-pc which states: # This file is autogenerated by pam-config. All changes # will be overwritten. So your suggestion doesn't seem to be the right way to accomplish this!? But I made the change anyway... And this makes things worse. Now every 15 minutes there are 4 lines like these: 2013-06-25T13:00:01.220408+02:00 vmhost /usr/sbin/cron[13520]: pam_succeed_if(crond:session): incomplete condition detected 2013-06-25T13:00:01.220901+02:00 vmhost /usr/sbin/cron[13520]: pam_unix(crond:session): session opened for user root by (uid=0) 2013-06-25T13:00:01.252482+02:00 vmhost /USR/SBIN/CRON[13520]: pam_succeed_if(crond:session): incomplete condition detected 2013-06-25T13:00:01.252977+02:00 vmhost /USR/SBIN/CRON[13520]: pam_unix(crond:session): session closed for user root -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c4 --- Comment #4 from Boris Wesslowski <bw@inside-security.de> 2013-06-25 05:43:46 UTC --- Yes, ultimately this has to be fixed wherever pam-config takes it's data from, this is just the entry it should be creating. Looks like you pasted it wrong, did you make sure it's all in one line (use_uid is at the end)? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c5 --- Comment #5 from Wilfred van Velzen <wvvelzen@gmail.com> 2013-06-25 05:52:26 UTC --- (In reply to comment #4)
Looks like you pasted it wrong, did you make sure it's all in one line (use_uid is at the end)?
Of course I did... Can the white space be spaces, or do they need to be tabs, as I see in the other lines? (I'm testing this now btw) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c6 --- Comment #6 from Wilfred van Velzen <wvvelzen@gmail.com> 2013-06-25 06:05:52 UTC --- Replacing the spaces with tabs seem to have done the trick. (Or I did make a copy/paste error the first time, but I can't verify that any more ;)). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c Wojtek Dziewięcki <vdziewiecki@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |vcizek@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c7 Wojtek Dziewięcki <vdziewiecki@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |mc@suse.com --- Comment #7 from Wojtek Dziewięcki <vdziewiecki@suse.com> 2014-01-24 12:31:50 UTC --- Can something be done on the pam side? This issue doesn't exist in 13.1, although I have no idea why. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c8 Michael Calmer <mc@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mc@suse.com InfoProvider|mc@suse.com |ckornacker@suse.com --- Comment #8 from Michael Calmer <mc@suse.com> 2014-01-24 12:35:35 UTC --- I am not any longer the pam maintainer. Christian? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c9 --- Comment #9 from Wilfred van Velzen <wvvelzen@gmail.com> 2014-01-24 12:43:18 UTC --- (In reply to comment #7)
This issue doesn't exist in 13.1,
Yes it does. I'm seeing it on both the machines I have running 13.1 x86_64. One is an upgraded 12.3 server, the other is a freshly (yesterday) installed virtual machine... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c10 --- Comment #10 from Boris Wesslowski <bw@inside-security.de> 2014-01-24 12:48:22 UTC --- I'm seeing it too on 13.1, even with additional log entries from systemd: 2014-01-24T12:00:01.473739+01:00 zap /usr/sbin/cron[6331]: pam_unix(crond:session): session opened for user root by (uid=0) 2014-01-24T12:00:01.477997+01:00 zap systemd[1]: Starting Session 4 of user root. 2014-01-24T12:00:01.478536+01:00 zap systemd[1]: Started Session 4 of user root. 2014-01-24T12:00:01.511175+01:00 zap /USR/SBIN/CRON[6331]: pam_unix(crond:session): session closed for user root 2014-01-24T12:15:01.519963+01:00 zap /usr/sbin/cron[8143]: pam_unix(crond:session): session opened for user root by (uid=0) 2014-01-24T12:15:01.523760+01:00 zap systemd[1]: Starting Session 5 of user root. 2014-01-24T12:15:01.524284+01:00 zap systemd[1]: Started Session 5 of user root. 2014-01-24T12:15:01.555032+01:00 zap /USR/SBIN/CRON[8143]: pam_unix(crond:session): session closed for user root -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c11 Christian Kornacker <ckornacker@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |ckornacker@suse.com InfoProvider|ckornacker@suse.com | --- Comment #11 from Christian Kornacker <ckornacker@suse.com> 2014-01-24 14:21:29 UTC --- If there is no specific reason to use pam_unix, you could switch to pam_unix2 which provides similar services: # pam-config --delete --unix && pam-config --add --unix2 Or, simply remove pam_unix.so from /etc/pam.d/common-session, since it's used only for logging the username. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c12 --- Comment #12 from Boris Wesslowski <bw@inside-security.de> 2014-01-27 16:31:08 UTC --- I was surprised that the package pam-modules which contains pam_unix2 was not installed by default on my quite extensive 13.1 installation. I could find no evidence that this solution might also remove wanted messages from other sessions except cron, like su, login or xdm, these seem to produce their own output. Switching to pam_unix2 solves the pam_unix log line flooding. On 13.1 there still is the systemd session logging each time cron is run, also causing 2 entries every 15 minutes. Removing pam_unix and pam_unix2 from /etc/pam.d/common-session does not fix the systemd session logging for cron. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c13 --- Comment #13 from Wilfred van Velzen <wvvelzen@gmail.com> 2014-01-31 13:44:27 UTC --- (In reply to comment #11)
If there is no specific reason to use pam_unix, you could switch to pam_unix2 which provides similar services:
I don't know why and if I need pam_unix. I don't even know what it is. It was just there after the update, or maybe already there from the installation of the OS. It's probably installed because of some package dependency, or because it's a default package. If it's not needed, there is where it needs fixing... If it is needed because of some dependency issue. It shouldn't log every 15 minutes in it's default configuration after installation! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=822424 https://bugzilla.novell.com/show_bug.cgi?id=822424#c14 Wojtek Dziewięcki <vdziewiecki@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|vdziewiecki@suse.com |ckornacker@suse.com --- Comment #14 from Wojtek Dziewięcki <vdziewiecki@suse.com> 2014-07-18 15:06:42 UTC --- pam bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com