[98438] in RedHat Linux List


Re: Whats this mean in my log?

daemon@ATHENA.MIT.EDU (Ramon Gandia)
Mon Nov 9 04:01:52 1998

Date: Sun, 08 Nov 1998 23:57:38 -0900
From: Ramon Gandia <rfg@nook.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com



Nitesh Dhanjani wrote:
> 
> Hello, I have the following in my /var/log/messages very frequently:
> 
> Could anyone tell me what's causing this?
> 
> thanks!
> 
> nitesh.
> 
> Nov  8 04:02:32 shrine PAM_pwdb[2018]: (su) session opened for user nobody by (uid=99)
> Nov  8 04:02:49 shrine PAM_pwdb[2018]: (su) session closed for user nobody
> Nov  8 05:01:00 shrine PAM_pwdb[2183]: (su) session opened for user news by (uid=9)
> Nov  8 05:01:00 shrine PAM_pwdb[2183]: (su) session closed for user news
> Nov  8 06:01:00 shrine PAM_pwdb[2218]: (su) session opened for user news by (uid=9)

User 'news' is the News Server daemon, probably innd.  I doubt
very much that you need innd in your machine; running this type
of news server is usually a specialized function of an ISP or
network center.  Disable it in /etc/rc.d/init.d or in
/etc/rc.d/rc3.d.

The user 'nobody' is used by various processes that need to access
files. It is an internal function.  In your case, it looks as if
the process was PAM authentication for when you or someone used
the su command.

Nothing to worry about.  Except innd.  If you are not sure about
innd, trust me, you need to disable it from starting up at bootup.

-- 
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue                                rfg@nook.net
P.O. Box 970                                    tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
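
An added example, not part of the original message: a small Python parser for the PAM_pwdb session lines quoted above. It pairs each "session opened" with its "session closed" by PID, so you can see which account each su session was for, the uid recorded in the entry, and how long it lasted. The year (syslog omits it) and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the log lines quoted in the message, with the
# mail-wrapped "by (uid=N)" tails rejoined.
SAMPLE = """\
Nov  8 04:02:32 shrine PAM_pwdb[2018]: (su) session opened for user nobody by (uid=99)
Nov  8 04:02:49 shrine PAM_pwdb[2018]: (su) session closed for user nobody
Nov  8 05:01:00 shrine PAM_pwdb[2183]: (su) session opened for user news by (uid=9)
Nov  8 05:01:00 shrine PAM_pwdb[2183]: (su) session closed for user news
Nov  8 06:01:00 shrine PAM_pwdb[2218]: (su) session opened for user news by (uid=9)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) PAM_pwdb\[(?P<pid>\d+)\]: "
    r"\((?P<svc>[^)]+)\) session (?P<event>opened|closed) for user (?P<user>\S+)"
    r"(?: by (?P<by>\S*)\(uid=(?P<uid>\d+)\))?$"
)

def parse_sessions(text, year=1998):
    """Pair opened/closed events by (host, pid); year is assumed, syslog has none."""
    pending, sessions = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a PAM_pwdb session line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["pid"])
        if m["event"] == "opened":
            s = {"service": m["svc"], "user": m["user"], "by": m["by"] or None,
                 "uid": int(m["uid"]) if m["uid"] else None,
                 "opened": ts, "seconds": None}  # seconds stays None until closed
            pending[key] = s
            sessions.append(s)
        elif key in pending:
            s = pending.pop(key)
            s["seconds"] = int((ts - s["opened"]).total_seconds())
    return sessions

def summarize(sessions):
    """Count sessions per (target user, recorded uid)."""
    return dict(Counter((s["user"], s["uid"]) for s in sessions))

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        dur = "no close seen" if s["seconds"] is None else f"{s['seconds']}s"
        print(s["opened"], s["service"], s["user"], f"uid={s['uid']}", dur)
```

The last quoted entry (PID 2218) has no matching close in the excerpt, so it is reported with no duration rather than dropped.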

