You (root) are not allowed to access to (crontab) because of pam configuration
巡檢發現一臺Linux服務器上的作業沒有如期發送郵件,登錄服務器檢查後發現作業並沒有執行,於是檢查一下crontab的設置。結果發現如下錯誤:
[[email protected] ~]# crontab -l
Authentication token is no longer valid; new one required
You (root) are not allowed to access to (crontab) because of pam configuration.
[[email protected] ~]#
查看了一下/etc/pam.d/crond,仔細檢查後發現我們設置了密碼過期策略,當密碼過期後,作業由於權限認證是不會執行的,這個可以參考Linux賬號密碼過期會導致crontab作業不能執行和 Linux賬戶密碼過期安全策略設置
[[email protected] ~]# more /etc/pam.d/crond
#
# The PAM configuration file for the cron daemon
#
#
# No PAM authentication called, auth modules not needed
account
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
想必細心的人發現上面截圖裏面都是root賬號, 那如果密碼過期了後,你怎麽使用root登錄呢? 其實這裏我們訪問服務器通過Jump Server(跳板機)登錄,登錄後使用sudo su - 切換到root賬號,所以沒有遇到類似下面需要修改密碼的通知。
You are required to change your password immediately (password aged)
Last login: Wed Jun 28 15:42:13 2017 from xxx.xxx.xxx.xxx
Changing password for root.
(current) UNIX password:
You (root) are not allowed to access to (crontab) because of pam configuration