I'm seeing a lot of the following in auth.log on xenial:
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" was met by user "root"
systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user root
systemd: pam_unix(systemd-user:session): session closed for user root
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
systemd: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
The actions taken are consistent with /etc/pam.d/common-account:
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account sufficient pam_succeed_if.so uid < 2000
account required pam_access.so
account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=2000
But I can't figure out what exactly is trying to run as user nobody. I found the following in syslog:
systemd[1]: Created slice User Slice of nobody.
systemd[1]: Starting User Manager for UID 65534...
systemd[1]: Started Session c7289 of user nobody.
collectd[15403]: 0 Success: 1 value has been dispatched.
collectd[15403]: message repeated 21 times: [ 0 Success: 1 value has been dispatched.]
systemd[32704]: [email protected]: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Removed slice User Slice of nobody.
When I check [email protected], it does indeed appear to fail to start:
● [email protected] - User Manager for UID 65534
Loaded: loaded (/lib/systemd/system/[email protected]; static; vendor preset: enabled)
Active: inactive (dead)
systemd[31364]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[31364]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Starting User Manager for UID 65534...
systemd[32704]: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd[32704]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[32704]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
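But I can't figure out exactly what needs this, or why it needs to start every so often, or what starts it.
I grepped for "nobody" and "65534" in /usr/lib/systemd/ and /etc/systemd, but the results weren't enough. Likewise, I checked /etc/cron, but apart from /etc/cron.daily/popularity-contest, which I removed in the meantime, nothing runs as nobody.
For the life of me, I can't figure out what is trying to start this service or for what purpose. I also can't disable "[email protected]" because it is static, and I'm not sure that would be a good idea anyway.
By the way, the user itself: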
# getent passwd nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
Any ideas?
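
An added example (not part of the original post): a small Python tally of the auth.log lines quoted above, grouping PAM events per user and per PAM service so that the `runuser-l` sessions opened by uid 0 can be read next to the `systemd-user` denials. The sample lines are copied from the post's excerpt; the function and event names are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the auth.log excerpt in the post above.
SAMPLE = """\
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" was met by user "root"
systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user root
systemd: pam_unix(systemd-user:session): session closed for user root
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
"""

# Shape of a PAM log line: program[pid]: pam_module(service:stack): message
LINE = re.compile(r"(?P<prog>[\w-]+)(?:\[\d+\])?: (?P<mod>pam_\w+)\((?P<svc>[\w-]+):(?P<stack>\w+)\): (?P<msg>.*)")
# Hypothetical event names used only by this example.
EVENTS = [
    ("opened", re.compile(r"session opened for user (\S+) by \S*\(uid=(\d+)\)")),
    ("denied", re.compile(r"access denied for user `([^']+)'")),
    ("uid_check_failed", re.compile(r'requirement "[^"]+" not met by user "([^"]+)"')),
]

def summarize(text):
    """Return ({user: {(pam_service, event): count}}, {user: {(pam_service, invoking_uid)}})."""
    counts = defaultdict(lambda: defaultdict(int))
    openers = defaultdict(set)
    for raw in text.splitlines():
        m = LINE.search(raw)  # search() tolerates a timestamp/host prefix
        if not m:
            continue
        for name, rx in EVENTS:
            e = rx.search(m["msg"])
            if e:
                user = e.group(1)
                counts[user][(m["svc"], name)] += 1
                if name == "opened":
                    openers[user].add((m["svc"], int(e.group(2))))
    return counts, openers

if __name__ == "__main__":
    counts, openers = summarize(SAMPLE)
    for user in sorted(counts):
        for (svc, event), n in sorted(counts[user].items()):
            print(f"{user:8} {svc:13} {event:17} {n}")
        print(f"{user:8} sessions opened by: {sorted(openers[user])}")
```

To run it against a full log, pass the file's contents to `summarize()` instead of `SAMPLE`.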