You are here

Cron: pam_unix (cron:session): session opened/closed for user root by (uid=0)

This is my week of playing around with mail servers and I have been keeping an eye on the logs on a regular basis. I noticed that the auth.log was riddled with millions of these pointless (from my POV anyhow) log entries:

CRON: pam_unix(cron:session): session opened for user root by (uid=0)
CRON: pam_unix(cron:session): session closed for user root

This is - as is readily apparent - happening because of cron which can run every minute, every 10 minutes, every hour, and so on as configured. When cron does this running it often runs as root and doing so creates a session for said user. This, due to the default settings of most Linices, is logged (which does seem prudent if it wasn't so annoying) in auth.log. A kind soul on the Debian bug tracker has provided a solution that does not log this session activity, but only when run by cron. To do this (on Debian/Ubuntu):

  • Go to the /etc/pam.d directory.
  • Open the file common-session-noninteractive in an editor.
  • Look for the following line:
    session required        pam_unix.so
  • Above this line, add the following:
    session     [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
  • Save the file and exit.
  • Restart crond using something like service cron restart.

... and that should do it!

Hope this helps :)

Comments

Thank you very much. I was terribly anoyed by this log-spam generated by a two cron jobs which both run every minute.
It helped me to shrink the logfile.

What you neglegted to mention is that the cron sevice needs a restart:
service cron restart

Anyway: thanks for helping me :)

Dan

Thanks Dan. I've added the step :)

Not all my Ubuntu machines like this adjustment.
I have checked if I made a typo but did not, I get the message:
PAM (cron) illegal module type: service

Now my auth.log is filled with this message instead of the pam_unix
What can be the reason for this message?

Perhaps you can compare the config files (common-session-noninteractive) in all your machines to see if there are any discrepancies?

Thank you very much for this. Was looking to reduce the log spam from my servers, and since it was switched over to systemd the regular filtering methods didn't work, so was more interested to find the real location to fix this.

This blog post helped :)

Exactly the fix I was looking for. Little blurbs like this are perfect when it comes to helping other admins. Thanks!