Still unknown problems with CRON and PAM (How does pam determine its state?)
DI Roman Fiedler
roman.fiedler at telbiomed.at
Thu Sep 6 12:26:27 UTC 2007
Since nobody came up with an answer to my pam problems, I dug a little
deeper today. The problem seems to be only with cron jobs in some vservers.
The interesting lines in are in the cron job's do_command.c
148: fork
165: write crontab invocation log message
117: setsid ?? open new tty,
xxx stdin/out manipulation
204: do_univ (should not apply to standard ubuntu linux, calls
universe function if any)
213: setuid
222: debugmessage
230: execle (stack destruction - nothing remains from cron app,
only guest app runs)
Which lines would interact with pam? And how is the handshake between
pam and the cron job done (syscall)?
Would I need to debug into the kernel to see the cause?
The problem is reproducible on some vservers after reboot but not on all.
My old message:
>
> I'm trying to find out which files, commands can change the state and
> behavior of the pam modules. This is because I have two servers which
> should be identical in regard to login/pam configuration but they behave
> different.
>
> hosta: A linux vserver instance, with pam, cron
> hostb: A clone of hostb
>
> After cloning of hosta I installed logcheck, which runs without problems
> on hosta, but produces pam error messages in auth.log on hostb. The
> error messages are triggered via the logcheck cronjob, but a much
> simpler cronjob is also sufficient:
>
> * * * * * nobody date > /tmp/pamtest
>
> On hosta I get every minute:
>
> Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session opened for user
> nobody by (uid=0)
> Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session closed for user
> nobody
>
> On hostb:
>
> Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session opened for user
> nobody by (uid=0)
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #13 to soft=20,
> hard=20 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #14 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session closed for user
> nobody
>
> There are no differences in /etc/pam.conf, /etc/pam.d, the
> passwd/shadow files are identical. None of the instances was rebootet
> since installing logcheck.
>
> What could cause the different behavior?
>
More information about the Pam-list
mailing list