crond pam_loginuid error - any ideas

[Frank Broughton]

I received this in my logwatch email report today:

Code:

crond: pam_loginuid(crond:session): set_loginuid failed opening loginuid: 3088 Time(s)

Anyone know what it means?

A google search mentioned this:

I've seen this when using a non-standard kernel without the correct
CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set.

If you're running a kernel without those options then you can remove
the pam_loginuid from PAM (sshd,crond,login,remote and possibly others)
------------
Bingo. That was the cause (and fix) of the problem. Turned those
options on in the kernel, and now all is good.

Any idea how to turn these options on in the kernel?

[Frank Broughton]

no ideas my genius friends?

Was in the logwatch report again today:
crond: pam_loginuid(crond:session): set_loginuid failed opening loginuid: 3088 Time(s)

[Spathiphyllum]

See CentOS bug tracker.

Since you cannot recompile the kernel (you're on a VPS, yes?), and the default is to use PAM for the crond process, then the session info apparently cannot be recorded properly to the /proc directory. So, crond logs it as an error.

I did what the tip suggested some time ago. Edit /etc/pam.d/crond by commenting:

Code:

#session	required	pam_loginuid.so

The cron daemon will now not require the PAM login uid and so no error is thrown and the error that isn't made will not be logged.

Hasn't posed a problem for me yet.

[Frank Broughton]

Thanks Spath....
Yes the error is on my VPS account - edited the file as you suggested.

[Spathiphyllum]

Is it working, Frank?

Or did I forget to tell you the "something else I did" to resolve it?

[Frank Broughton]

I will check my logwatch file tomorrow and I will let you know. Or do you know which log file that error is reported in I can check now?

[Spathiphyllum]

I believe the default is /var/log/secure.

If that's not it, you may need to check how your cron or PAM authentication config files are set up to find paths for error logging.