Still unknown problems with CRON and PAM (How does pam determine its state?)

DI Roman Fiedler roman.fiedler at telbiomed.at
Tue Sep 18 09:09:43 UTC 2007


I still do not know where PAM gets its state, but I found what caused the 
different security settings of cron jobs on two machines. It seems that 
the PAM limits apply to cron only when it is started from SysV-Init, but 
they are ignored when it is started on the command line.

Limits of a root cron job when cron was started from sysv-init:

Limit 6: hard 16382, soft 16382
Limit 8: hard 32768, soft 32768
Limit 11: hard 16382, soft 16382
Limit 12: hard 819200, soft 819200
Limit 13: hard 0, soft 0
Limit 14: hard 0, soft 0

Limits of a root cron job when cron was started manually via 
/etc/init.d/cron start:

Limit 6: hard -1, soft -1
Limit 8: hard -1, soft -1
Limit 11: hard -1, soft -1
Limit 12: hard -1, soft -1
Limit 13: hard 20, soft 20
Limit 14: hard -1, soft -1

I do not know if it is possible to knock out all security settings for 
other applications in the same way, e.g. sshd, but maybe I'll try.


My old message:
>
> I'm trying to find out which files or commands can change the state and
> behavior of the pam modules. This is because I have two servers which
> should be identical in regard to login/pam configuration but they behave
> differently.
>
> hosta: A linux vserver instance, with pam, cron
> hostb: A clone of hostb
>
> After cloning of hosta I installed logcheck, which runs without problems
> on hosta, but produces pam error messages in auth.log on hostb. The
> error messages are triggered via the logcheck cronjob, but a much
> simpler cronjob is also sufficient:
>
> * *     * * *   nobody  date > /tmp/pamtest
>
> On hosta  I get every minute:
>
> Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session opened for user
> nobody by (uid=0)
> Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session closed for user 
> nobody
>
> On hostb:
>
> Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session opened for user
> nobody by (uid=0)
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #13 to soft=20,
> hard=20 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #14 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session closed for user 
> nobody
>
> There are no differences in /etc/pam.conf, /etc/pam.d, the 
> passwd/shadow files are identical. None of the instances was rebooted 
> since installing logcheck.
>
> What could cause the different behavior?
>

_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
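
Added example, not part of the original message: a small Python parser for the two kinds of output quoted above (the "Limit N: hard H, soft S" dumps and the pam_limits failure lines) that names each limit number and compares the values. The number-to-name table assumes the generic Linux RLIMIT_* numbering, and the function names are hypothetical.

```python
import re

# Linux resource numbers as in asm-generic/resource.h (x86, ARM); alpha, mips
# and sparc number some of 5-9 differently. Assumed to match the hosts above.
RLIMIT_NAMES = dict(enumerate(
    "CPU FSIZE DATA STACK CORE RSS NPROC NOFILE MEMLOCK AS LOCKS "
    "SIGPENDING MSGQUEUE NICE RTPRIO RTTIME".split()))

DUMP_RE = re.compile(r"Limit (\d+): hard (-?\d+), soft (-?\d+)")
PAM_RE = re.compile(r"pam_limits\[(\d+)\]: setrlimit limit #(\d+) to "
                    r"soft=(-?\d+),\s*hard=(-?\d+) failed: ([^;]+);")

def parse_dump(text):
    """{limit number: (soft, hard)} from 'Limit N: hard H, soft S' lines."""
    return {int(n): (int(s), int(h)) for n, h, s in DUMP_RE.findall(text)}

def parse_failures(log):
    """{limit number: (soft, hard, error)} for each failed pam_limits setrlimit."""
    return {int(n): (int(s), int(h), err.strip())
            for _pid, n, s, h, err in PAM_RE.findall(log)}

def diff_dumps(a, b):
    """Names of limits whose (soft, hard) pair differs between two dumps."""
    return [RLIMIT_NAMES.get(n, "#%d" % n)
            for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)]

def requested_equals(failures, dump):
    """True if every value pam_limits tried to set equals the dump's value."""
    return all(dump.get(n) == (s, h) for n, (s, h, _err) in failures.items())

# Values copied from the message above; -1 is RLIM_INFINITY (unlimited).
FROM_INIT = parse_dump("""Limit 6: hard 16382, soft 16382
Limit 8: hard 32768, soft 32768
Limit 11: hard 16382, soft 16382
Limit 12: hard 819200, soft 819200
Limit 13: hard 0, soft 0
Limit 14: hard 0, soft 0""")
MANUAL = parse_dump("""Limit 6: hard -1, soft -1
Limit 8: hard -1, soft -1
Limit 11: hard -1, soft -1
Limit 12: hard -1, soft -1
Limit 13: hard 20, soft 20
Limit 14: hard -1, soft -1""")
# Two of the hostb log lines from the message, unfolded onto one line each.
HOSTB_LOG = """Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #13 to soft=20, hard=20 failed: Operation not permitted; uid=0 euid=0"""

if __name__ == "__main__":
    print("differs:", diff_dumps(FROM_INIT, MANUAL))
    print("requests match manual start:", requested_equals(parse_failures(HOSTB_LOG), MANUAL))
```

Run on these inputs, it shows that all six limits differ between the two start methods and that the values pam_limits failed to set on hostb are the same values seen under the manually started cron.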



