[Bug 662433] New: Cron configuration based on pam.d refused mailman jobs
https://bugzilla.novell.com/show_bug.cgi?id=662433#c0

           Summary: Cron configuration based on pam.d refused mailman jobs
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.3
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: erik@brakkee.org
         QAContact: qa@suse.de
          Found By: Customer
           Blocker: No

After an upgrade from opensuse 11.2 (32bit) to opensuse 11.3 (64bit) it turns out that mailman jobs can no longer be scheduled. The log message in /var/log/messages is

    Jan 5 13:25:01 shikra /usr/sbin/cron[12897]: Permission denied

As it turns out this is most likely because the mailman user does not have a valid user login. I managed to work around this problem by modifying /etc/pam.d/crond to be like this:

    auth     sufficient pam_rootok.so
    account  sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed
    auth     include    common-auth
    account  include    common-account
    password include    common-password
    session  required   pam_loginuid.so
    session  include    common-session

The only additional line is the line with pam_listfile.so to explicitly grant access to users defined in the file /etc/cron.allow. To solve the issue I added mailman to this file.

It would be good to have this (or similar) functionality back in the standard setup so that /etc/cron.allow will continue to work.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=662433

wei wang <wewang@novell.com> changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
                 CC|                                          |wewang@novell.com
         AssignedTo|bnc-team-screening@forge.provo.novell.com |vcizek@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=662433#c1

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P4 - Low
             Status|NEW                         |ASSIGNED

--- Comment #1 from Vitezslav Cizek <vcizek@novell.com> 2011-01-06 11:04:07 UTC ---

Hi,

I have freshly installed 11.3 and I can run mailman's cron jobs both from /etc/crontab and edited with crontab -e -u mailman.

What do your /etc/cron.allow, /etc/cron.deny and your /etc/passwd entry for mailman look like?

https://bugzilla.novell.com/show_bug.cgi?id=662433#c2

--- Comment #2 from Erik Brakkee <erik@brakkee.org> 2011-01-06 12:40:32 UTC ---

My mailman installation is an old one, basically started with opensuse 10.1 32 bit and then upgraded it in several steps through to 11.3 64 bit.

As for the requested info:

/etc/passwd:
    mailman:x:72:67:GNU mailing list manager:/var/lib/mailman:/bin/bash

/etc/cron.allow:
    mythtv
    mailman

/etc/cron.deny:
    guest
    gast

I also looked at a maiden install of opensuse 11.3 64 bit on a virtual machine and that one has identical configuration, except for the /etc/cron.allow which is missing. Note that /etc/cron.allow was being ignored before I modified the PAM config.

There is one notable difference however which is that when I go in to Yast2/Security and Users and set Filter to "system users", it shows that mailman has login enabled on the maiden install but has it disabled on the machine that is giving the problem.

I think disabling login for the mailman account is a better setting anyway. I don't know if this was done by an older SuSE install or whether I disabled the login myself. But in any case disabling user logins is one of the most elementary security measures.

PS. mythtv is in the /etc/cron.allow for a similar reason (see the mail thread at http://forums.opensuse.org/english/get-technical-help-here/applications/4522...)

https://bugzilla.novell.com/show_bug.cgi?id=662433#c3

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
                 CC|                            |vcizek@novell.com
         Resolution|                            |FIXED

--- Comment #3 from Vitezslav Cizek <vcizek@novell.com> 2011-01-12 13:34:46 UTC ---

Your solution has been submitted to Factory.

As for disabling user login for mailman, I'll discuss it with the mailman maintainer.

https://bugzilla.novell.com/show_bug.cgi?id=662433#c4

Michal Seben <mseben@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                 CC|                            |mseben@gmail.com
         Resolution|FIXED                       |

--- Comment #4 from Michal Seben <mseben@gmail.com> 2011-02-20 11:25:35 UTC ---

The patch from this bug report (line "account sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed" in /etc/pam.d/crond) causes a warning/error message in /var/log/messages if /etc/cron.allow is not present:

    Feb 20 12:16:12 linux-9um4 crontab: pam_listfile(crond:account): Couldn't open /etc/cron.allow

What is worse: by default /etc/cron.allow is not present in the /etc/ directory, so the message occurs and could confuse users after a standard installation.

So I think the patch should be reworked, so reopening (marking as P1, because the 11.4 release date is really close).

https://bugzilla.novell.com/show_bug.cgi?id=662433

Michal Seben <mseben@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P4 - Low                    |P1 - Urgent

https://bugzilla.novell.com/show_bug.cgi?id=662433#c5

--- Comment #5 from Michal Seben <mseben@gmail.com> 2011-02-21 14:54:12 UTC ---

according to man pam_listfile "quiet" option should fix the warning message:

    "quiet
       Do not treat service refusals or missing list files as errors that need to be logged."

and the new line with pam definition:

    account sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet=1

https://bugzilla.novell.com/show_bug.cgi?id=662433#c6

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED

--- Comment #6 from Vitezslav Cizek <vcizek@novell.com> 2011-02-21 15:12:25 UTC ---

I found that option too, but it doesn't work for me. I still can see the "Couldn't open /etc/cron.allow" line in /var/log/messages.

https://bugzilla.novell.com/show_bug.cgi?id=662433#c7

--- Comment #7 from Vitezslav Cizek <vcizek@novell.com> 2011-02-21 15:59:01 UTC ---

pam_listfile behaves differently than specified in the manpage. Probably a bug in pam_listfile, because it doesn't really do this: "Do not treat missing list files as errors that need to be logged."

A patch like this solves the issue:

if(lstat(ifname,&fileinfo)) { - pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); + if (!quiet) + pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname);

I'll file a bug against pam.

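Review bot: in the lstat() failure branch, the new `if (!quiet)` guard drops the message for every lstat() failure, not only for a missing file. The man page text quoted in the comment covers "missing list files", so limiting the suppression to the `errno == ENOENT` case would keep permission or I/O errors on the list file visible in the log even when quiet is set. The unbraced `if (!quiet)` would also be safer with braces around the pam_syslog() call, so a later addition in this branch does not silently fall outside the guard.
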
https://bugzilla.novell.com/show_bug.cgi?id=662433#c8

--- Comment #8 from Vitezslav Cizek <vcizek@novell.com> 2011-02-22 08:34:28 UTC ---

The bug against pam is https://bugzilla.novell.com/show_bug.cgi?id=673826

https://bugzilla.novell.com/show_bug.cgi?id=662433#c9

--- Comment #9 from Vitezslav Cizek <vcizek@novell.com> 2011-02-24 13:38:44 UTC ---

(In reply to comment #8)
> The bug against pam is https://bugzilla.novell.com/show_bug.cgi?id=673826

This is now solved in the pam devel project. Correct way is to use quiet without argument.

So I changed the pam line to:

    account sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet

https://bugzilla.novell.com/show_bug.cgi?id=662433#c10

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #10 from Vitezslav Cizek <vcizek@novell.com> 2011-03-01 08:27:46 UTC ---

Checked in 11.4. Closing.

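A small checker for the pam_listfile points raised in this thread, added here as an example and not part of the bug report or of openSUSE's packages: it flags `quiet` written with an argument and a missing list file that would produce the "Couldn't open" message. The function names and the `exists` parameter are assumptions of this example, and it assumes a pam_listfile that honours a bare `quiet` for missing files (the behaviour after the fix referenced in comment #9).

```python
import os

# /etc/pam.d/crond as posted in comment #0, with the bare "quiet" flag from
# comment #9 appended to the pam_listfile line.
CROND_FIXED = """\
auth     sufficient pam_rootok.so
account  sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet
auth     include    common-auth
account  include    common-account
password include    common-password
session  required   pam_loginuid.so
session  include    common-session
"""

def listfile_rules(service_text):
    """Yield the argument dict of every pam_listfile.so line in a service file."""
    for raw in service_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        # A bracketed control such as [success=1 default=ignore] spans fields.
        i = 1
        if fields[1].startswith("["):
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
        module, args = fields[i + 1:i + 2], fields[i + 2:]
        if module and os.path.basename(module[0]) == "pam_listfile.so":
            # Bare flags (e.g. "quiet") map to None, key=value to the value.
            yield {k: (v if sep else None)
                   for k, sep, v in (a.partition("=") for a in args)}

def audit(service_text, exists=os.path.exists):
    """Return findings; `exists` is injectable so the check can run offline."""
    findings = []
    for rule in listfile_rules(service_text):
        path = rule.get("file")
        if "quiet" in rule and rule["quiet"] is not None:
            findings.append("quiet takes no argument; write it as a bare flag")
        quiet_ok = "quiet" in rule and rule["quiet"] is None
        if path and not exists(path) and not quiet_ok:
            findings.append("%s is missing; expect \"Couldn't open\" in syslog" % path)
    return findings
```

Run `audit(open("/etc/pam.d/crond").read())` on a host to check the installed service file against the real filesystem.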