View Issue Details

IDProjectCategoryView StatusLast Update
0002191CentOS-5pampublic2014-09-19 14:26
Reporterrocketraman 
PrioritynormalSeverityminorReproducibilityalways
Status confirmedResolutionopen 
Product Version5.0 - i386 
Target VersionFixed in Version 
Summary0002191: pam_loginuid fails with message: set_loginuid failed opening loginuid
DescriptionIn /var/log/secure, twice every minute I was receiving the following message:

Jul 5 11:06:01 li5-33 crond[21428]: pam_loginuid(crond:session): set_loginuid failed opening loginuid

Googling this message indicates the reason is that the /proc filesystem is read-only and so the pam_loginuid module cannot write the audit information there. A read-only proc filesystem appears to be the default, and usage of pam_loginuid also appears to be the default.

Commenting out pam_loginuid from the /etc/pam.d/crond file resolved the issue.
Additional InformationI am running under UML with a non-standard kernel:

# uname -a
Linux xxx 2.6.21.1-linode32 #1 Sun May 6 17:50:51 EDT 2007 i686 i686 i386 GNU/Linux
TagsNo tags attached.

Activities

nts

nts

2008-11-01 09:29

reporter   ~0008215

I can confirm this issue still exists. I would be grateful if it could be solved because /var/log/secure becomes unreadable with this problem, which means intrusions cannot be detected so easily.

The same problem ("pam_loginuid(sshd:session): set_loginuid failed opening loginuid") exists for sshd. I suppose the temporary fix will be analogous to the other fix: comment out "session required pam_loginuid.so" in /etc/pam.d/sshd . However, this is only a temporary solution as it removes the original functionality of pam_loginuid :-(

Linux hostname 2.6.18-ovz028stab053.5-smp #1 SMP Wed Mar 26 12:01:19 PDT 2008 i686 i686 i386 GNU/Linux
nts

nts

2008-11-01 10:27

reporter   ~0008216

See my previous note. Problem exists on CentOS 5.2 for crond and sshd
earthgecko

earthgecko

2009-03-26 09:38

reporter   ~0008945

I can confirm this is an issue on our build as well:
uname -a
Linux 2.6.18.8-xenU #1 SMP Mon Aug 18 15:15:18 PDT 2008 i686 i686 i386 GNU/Linux
pdwalker

pdwalker

2009-04-01 06:22

reporter   ~0008979

Solution located here: http://www.kholix.com/wiki/index.php/Pam_loginuid(crond:session):_set_loginuid_failed_opening_loginuid

Short answer:

Logwatch occur when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. If you're running a kernel without those options then you can remove the pam_loginuid from PAM (sshd,crond,login,remote and possibly others)

earthgecko

earthgecko

2009-04-01 07:02

reporter   ~0008980

Thanks pdwalker, that makes perfect sense. Not a bug with CentOS kernel, but with modified kernels (OpenVZ, xen or the like).
bassbluete

bassbluete

2009-08-19 13:25

reporter   ~0009776

Bug still exist on 5.3
I had command out the pam_loginuid.so.

# The PAM configuration file for the cron daemon
#
#
auth sufficient pam_rootok.so
auth required pam_env.so
auth include system-auth
account required pam_access.so
account include system-auth
#session required pam_loginuid.so
session include system-auth

Aug 19 15:18:11 server sshd[7530]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid

After I had restart crond
/etc/init.d/crond restart
markcarsonboxz

markcarsonboxz

2010-08-01 17:16

reporter   ~0011705

I can confirm that VPS packages with kernel 2.6.9-023stab051.3-smp do not allow pam_loginuid.so to function as expected.
This kernel ships with VPS packages from 1and1.co.uk. Updated via yum to CentOS 5.5 and discovered this issue.
Adding comment flag before "session required pam_loginuid.so" as above corrected the issue with logging.
osde8info

osde8info

2010-09-24 09:50

reporter   ~0011884

also get 1000's of

pam_loginuid(crond:session): set_loginuid failed opening loginuid

on custom centos kernel from ovh.co.uk

Linux my.host 2.6.32.2-xxxx-std-ipv4-64 #1 SMP Tue Dec 29 14:40:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux

however they do comment out session required pam_loginuid.so in their default /etc/pam.d/crond

but this can get overwritten by a yum update
ppyy

ppyy

2014-09-19 14:26

reporter   ~0020950

crontab not run in docker.
disable pam_loginuid.so, then it works

Issue History

Date Modified Username Field Change
2007-07-05 15:17 rocketraman New Issue
2007-07-05 15:17 rocketraman Status new => assigned
2008-11-01 09:29 nts Note Added: 0008215
2008-11-01 10:27 nts Note Added: 0008216
2008-11-01 10:27 nts Status assigned => confirmed
2009-03-26 09:38 earthgecko Note Added: 0008945
2009-04-01 06:22 pdwalker Note Added: 0008979
2009-04-01 07:02 earthgecko Note Added: 0008980
2009-08-19 13:25 bassbluete Note Added: 0009776
2010-08-01 17:16 markcarsonboxz Note Added: 0011705
2010-09-24 09:50 osde8info Note Added: 0011884
2014-09-19 14:26 ppyy Note Added: 0020950