Ubuntu

pam upgrade broke cron

Reported by Ralf Hildebrandt on 2011-05-31
82
This bug affects 17 people
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: unattended-upgrades

Today, unattended-upgrade upgraded PAM:

# fgrep pam /var/log/dpkg.log |grep upgrade
2011-05-31 06:47:18 upgrade libpam0g 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2
2011-05-31 06:47:20 upgrade libpam-modules 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2
2011-05-31 06:47:24 upgrade libpam-runtime 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2

After this, cron was broken:

May 31 06:46:01 dns-cbf CRON[15914]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:46:01 dns-cbf CRON[15914]: pam_unix(cron:session): session closed for user nobody
May 31 06:47:01 dns-cbf CRON[16042]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:47:01 dns-cbf CRON[16042]: pam_unix(cron:session): session closed for user nobody
May 31 06:48:01 dns-cbf CRON[16833]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:48:01 dns-cbf CRON[16833]: PAM adding faulty module: /lib/security/pam_env.so
May 31 06:48:01 dns-cbf CRON[16833]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:49:01 dns-cbf CRON[16893]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:49:01 dns-cbf CRON[16893]: PAM adding faulty module: /lib/security/pam_env.so
May 31 06:49:01 dns-cbf CRON[16893]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:50:01 dns-cbf CRON[16959]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:50:01 dns-cbf CRON[16959]: PAM adding faulty module: /lib/security/pam_env.so

Why was cron not being restarted as required by a PAM update? The solution was to manually restart cron on all affected machines :(

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: unattended-upgrades 0.62ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-25.44-server 2.6.35.10
Uname: Linux 2.6.35-25-server x86_64
Architecture: amd64
Date: Tue May 31 10:22:22 2011
InstallationMedia: Ubuntu-Server 10.10 "Maverick Meerkat" - Release amd64 (20101007)
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: unattended-upgrades

I can confirm the problem and restarting cron appears to be a solution.

I found a machine without "unattended-upgrades", performed the PAM upgrade manually and alas, cron et.al. were not being restarted. So maybe it's an error in the packages themselves!!!

Bart Verwilst (verwilst) wrote :

If it's indeed a problem in the package, maybe another upgrade would be advisable, even if it's just to trigger a restart of the crons.. We have 1600 servers that need to have cron restarted now, if we wouldn't be aware of this issue, this could really mess up vital parts of our organisation that depend on timed executions. A new release that restarts cron could make the amount of bad surpises over the next couple of days a lot less for a lot of unaware system admins.

* Bart Verwilst <email address hidden>:
> If it's indeed a problem in the package, maybe another upgrade would be
> advisable, even if it's just to trigger a restart of the crons..

Well, not via unattended-upgrades, since that just broke :)

> We have 1600 servers that need to have cron restarted now,

If feel your pain!!!

> if we wouldn't be aware of this issue, this could really mess up vital
> parts of our organisation that depend on timed executions.

It did here.

> A new release that restarts cron could make the amount of bad surpises
> over the next couple of days a lot less for a lot of unaware system
> admins.

For all those people who didn't notice their cron not running,
unattended-upgrades won't work!

It's truly FUBARed

We are experiencing the same issue while running these 8.04 AMIs on AWS (ami-6836dc01, ami-0c36dc65). After upgrading PAM, the cron service has stopped responding on all of our servers. Restarting the service seems to fix the issue.

(I move dthe bug to "pam" since the error also occurs when an interactive update occurs)

affects: unattended-upgrades (Ubuntu) → pam (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers