0002191: pam_loginuid fails with message: set_loginuid failed opening loginuid

(0008215)
nts (reporter)
2008-11-01 09:29

I can confirm this issue still exists. I would be grateful if it could be solved because /var/log/secure becomes unreadable with this problem, which means intrusions cannot be detected so easily.

The same problem ("pam_loginuid(sshd:session): set_loginuid failed opening loginuid") exists for sshd. I suppose the temporary fix will be analogous to the other fix: comment out "session required pam_loginuid.so" in /etc/pam.d/sshd . However, this is only a temporary solution as it removes the original functionality of pam_loginuid :-(

Linux hostname 2.6.18-ovz028stab053.5-smp 0000001 SMP Wed Mar 26 12:01:19 PDT 2008 i686 i686 i386 GNU/Linux

(0008216)
nts (reporter)
2008-11-01 10:27

See my previous note. Problem exists on CentOS 5.2 for crond and sshd

(0008945)
earthgecko (reporter)
2009-03-26 09:38

I can confirm this is an issue on our build as well:
uname -a
Linux 2.6.18.8-xenU 0000001 SMP Mon Aug 18 15:15:18 PDT 2008 i686 i686 i386 GNU/Linux

(0008979)
pdwalker (reporter)
2009-04-01 06:22

Solution located here: http://www.kholix.com/wiki/index.php/Pam_loginuid(crond:session):_set_loginuid_failed_opening_loginuid [^]

Short answer:

Logwatch occur when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. If you're running a kernel without those options then you can remove the pam_loginuid from PAM (sshd,crond,login,remote and possibly others)

(0008980)
earthgecko (reporter)
2009-04-01 07:02

Thanks pdwalker, that makes perfect sense. Not a bug with CentOS kernel, but with modified kernels (OpenVZ, xen or the like).

(0009776)
bassbluete (reporter)
2009-08-19 13:25

Bug still exist on 5.3
I had command out the pam_loginuid.so.

# The PAM configuration file for the cron daemon
#
#
auth sufficient pam_rootok.so
auth required pam_env.so
auth include system-auth
account required pam_access.so
account include system-auth
#session required pam_loginuid.so
session include system-auth

Aug 19 15:18:11 server sshd[7530]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid

After I had restart crond
/etc/init.d/crond restart

Issue History
Date Modified	Username	Field	Change
2007-07-05 15:17	rocketraman	New Issue
2007-07-05 15:17	rocketraman	Status	new => assigned
2007-07-05 15:17	rocketraman	Assigned To	=> kbsingh@karan.org
2008-11-01 09:29	nts	Note Added: 0008215
2008-11-01 09:29	nts	Issue Monitored: nts
2008-11-01 10:27	nts	Note Added: 0008216
2008-11-01 10:27	nts	Status	assigned => confirmed
2009-02-05 09:00	Michael	Issue Monitored: Michael
2009-02-19 05:18	extesy	Issue Monitored: extesy
2009-03-26 09:38	earthgecko	Note Added: 0008945
2009-04-01 06:22	pdwalker	Note Added: 0008979
2009-04-01 07:02	earthgecko	Note Added: 0008980
2009-08-19 13:25	bassbluete	Note Added: 0009776

Notes
(0008215) nts (reporter) 2008-11-01 09:29	I can confirm this issue still exists. I would be grateful if it could be solved because /var/log/secure becomes unreadable with this problem, which means intrusions cannot be detected so easily. The same problem ("pam_loginuid(sshd:session): set_loginuid failed opening loginuid") exists for sshd. I suppose the temporary fix will be analogous to the other fix: comment out "session required pam_loginuid.so" in /etc/pam.d/sshd . However, this is only a temporary solution as it removes the original functionality of pam_loginuid :-( Linux hostname 2.6.18-ovz028stab053.5-smp 0000001 SMP Wed Mar 26 12:01:19 PDT 2008 i686 i686 i386 GNU/Linux

(0008216) nts (reporter) 2008-11-01 10:27	See my previous note. Problem exists on CentOS 5.2 for crond and sshd

(0008945) earthgecko (reporter) 2009-03-26 09:38	I can confirm this is an issue on our build as well: uname -a Linux 2.6.18.8-xenU 0000001 SMP Mon Aug 18 15:15:18 PDT 2008 i686 i686 i386 GNU/Linux

(0008979) pdwalker (reporter) 2009-04-01 06:22	Solution located here: http://www.kholix.com/wiki/index.php/Pam_loginuid(crond:session):_set_loginuid_failed_opening_loginuid [^] Short answer: Logwatch occur when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. If you're running a kernel without those options then you can remove the pam_loginuid from PAM (sshd,crond,login,remote and possibly others)

(0008980) earthgecko (reporter) 2009-04-01 07:02	Thanks pdwalker, that makes perfect sense. Not a bug with CentOS kernel, but with modified kernels (OpenVZ, xen or the like).

(0009776) bassbluete (reporter) 2009-08-19 13:25	Bug still exist on 5.3 I had command out the pam_loginuid.so. # The PAM configuration file for the cron daemon # # auth sufficient pam_rootok.so auth required pam_env.so auth include system-auth account required pam_access.so account include system-auth #session required pam_loginuid.so session include system-auth Aug 19 15:18:11 server sshd[7530]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid After I had restart crond /etc/init.d/crond restart

Relationships