[98446] in RedHat Linux List
Re: Whats this mean in my log?
daemon@ATHENA.MIT.EDU (Joerg Mertin)
Mon Nov 9 05:31:24 1998
Date: Mon, 9 Nov 1998 11:04:30 +0100
From: Joerg Mertin <smurphy@dspecialists.de>
To: redhat-list@redhat.com
Mail-Followup-To: redhat-list@redhat.com
In-Reply-To: <3646AE82.5072CCB3@nook.net>; from Ramon Gandia on Sun, Nov 08, 1998 at 11:57:38PM -0900
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Sun, Nov 08, 1998 at 11:57:38PM -0900, Ramon Gandia wrote:
>
>
> Nitesh Dhanjani wrote:
> >
> > hello, I have the following in my /var/log/messages very frequently:
> >
> > could anyone tell me whats causing this?
> >
> > thanks!
> >
> > nitesh.
> >
> > Nov 8 04:02:32 shrine PAM_pwdb[2018]: (su) session opened for user nobody
> > by (u
> > id=99)
> > Nov 8 04:02:49 shrine PAM_pwdb[2018]: (su) session closed for user nobody
> > Nov 8 05:01:00 shrine PAM_pwdb[2183]: (su) session opened for user news
> > by (uid
> > =9)
> > Nov 8 05:01:00 shrine PAM_pwdb[2183]: (su) session closed for user news
> > Nov 8 06:01:00 shrine PAM_pwdb[2218]: (su) session opened for user news
> > by (uid
> > =9)
>
> User 'news' is the News Server daemon, probably innd. I doubt
> very much that you need innd in your machine, running this type
> of news server is usually a specialized function of an ISP or
> network center. Disable it in /etc/rc.d/init.d or in
> /etc/rc.d/rc3.d.
>
> The user 'nobody' is used by various processes that need to access
> files. It is an internal function. In your case, it looks as if
> the process was PAM authentication for when you or someone used
> the su command.
I bet this is the call to updatedb -> /etc/cron.daily/updatedb.cron
It is started as User nobody, to not show possible Intruders the location
of files that should not be accessible by normal users.
> Nothing to worry about. Except innd. If you are not sure about
> innd, trust me, you need to disable it from starting up at bootup.
rpm -e inn should do the job here.
Regards
--
linux: the choice of a GNU generation
(ksh@cis.ufl.edu put this on Tshirts in '93)
-------------------------------------------------------------------------
Systemverwalter: Joerg Mertin <smurphy@stardust.phantasia.org>
Phone : +49 30 467 805-71 DSPecialists GmbH
FAX: +49 30 467 805-99 Wattstraße 11-13
Email: <smurphy@DSPecialists.de> 13355 Berlin
WWW: http://www.DSPecialists.de Germany
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
