View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002191||CentOS-5||pam||public||2007-07-05 15:17||2014-09-19 14:26|
|Product Version||5.0 - i386|
|Target Version||Fixed in Version|
|Summary||0002191: pam_loginuid fails with message: set_loginuid failed opening loginuid|
|Description||In /var/log/secure, twice every minute I was receiving the following message:|
Jul 5 11:06:01 li5-33 crond: pam_loginuid(crond:session): set_loginuid failed opening loginuid
Googling this message indicates the reason is that the /proc filesystem is read-only and so the pam_loginuid module cannot write the audit information there. A read-only proc filesystem appears to be the default, and usage of pam_loginuid also appears to be the default.
Commenting out pam_loginuid from the /etc/pam.d/crond file resolved the issue.
|Additional Information||I am running under UML with a non-standard kernel:|
# uname -a
Linux xxx 184.108.40.206-linode32 #1 Sun May 6 17:50:51 EDT 2007 i686 i686 i386 GNU/Linux
|Tags||No tags attached.|
I can confirm this issue still exists. I would be grateful if it could be solved because /var/log/secure becomes unreadable with this problem, which means intrusions cannot be detected so easily.
The same problem ("pam_loginuid(sshd:session): set_loginuid failed opening loginuid") exists for sshd. I suppose the temporary fix will be analogous to the other fix: comment out "session required pam_loginuid.so" in /etc/pam.d/sshd . However, this is only a temporary solution as it removes the original functionality of pam_loginuid :-(
Linux hostname 2.6.18-ovz028stab053.5-smp #1 SMP Wed Mar 26 12:01:19 PDT 2008 i686 i686 i386 GNU/Linux
|See my previous note. Problem exists on CentOS 5.2 for crond and sshd|
I can confirm this is an issue on our build as well:
Linux 220.127.116.11-xenU #1 SMP Mon Aug 18 15:15:18 PDT 2008 i686 i686 i386 GNU/Linux
Solution located here: http://www.kholix.com/wiki/index.php/Pam_loginuid(crond:session):_set_loginuid_failed_opening_loginuid
Logwatch occur when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. If you're running a kernel without those options then you can remove the pam_loginuid from PAM (sshd,crond,login,remote and possibly others)
|Thanks pdwalker, that makes perfect sense. Not a bug with CentOS kernel, but with modified kernels (OpenVZ, xen or the like).|
Bug still exist on 5.3
I had command out the pam_loginuid.so.
# The PAM configuration file for the cron daemon
auth sufficient pam_rootok.so
auth required pam_env.so
auth include system-auth
account required pam_access.so
account include system-auth
#session required pam_loginuid.so
session include system-auth
Aug 19 15:18:11 server sshd: pam_loginuid(sshd:session): set_loginuid failed opening loginuid
After I had restart crond
I can confirm that VPS packages with kernel 2.6.9-023stab051.3-smp do not allow pam_loginuid.so to function as expected.
This kernel ships with VPS packages from 1and1.co.uk. Updated via yum to CentOS 5.5 and discovered this issue.
Adding comment flag before "session required pam_loginuid.so" as above corrected the issue with logging.
also get 1000's of
pam_loginuid(crond:session): set_loginuid failed opening loginuid
on custom centos kernel from ovh.co.uk
Linux my.host 18.104.22.168-xxxx-std-ipv4-64 #1 SMP Tue Dec 29 14:40:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
however they do comment out session required pam_loginuid.so in their default /etc/pam.d/crond
but this can get overwritten by a yum update
crontab not run in docker.
disable pam_loginuid.so, then it works
|2007-07-05 15:17||rocketraman||New Issue|
|2007-07-05 15:17||rocketraman||Status||new => assigned|
|2008-11-01 09:29||nts||Note Added: 0008215|
|2008-11-01 10:27||nts||Note Added: 0008216|
|2008-11-01 10:27||nts||Status||assigned => confirmed|
|2009-03-26 09:38||earthgecko||Note Added: 0008945|
|2009-04-01 06:22||pdwalker||Note Added: 0008979|
|2009-04-01 07:02||earthgecko||Note Added: 0008980|
|2009-08-19 13:25||bassbluete||Note Added: 0009776|
|2010-08-01 17:16||markcarsonboxz||Note Added: 0011705|
|2010-09-24 09:50||osde8info||Note Added: 0011884|
|2014-09-19 14:26||ppyy||Note Added: 0020950|