pam upgrade broke cron

Bug #790532 reported by Ralf Hildebrandt
82
This bug affects 17 people
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: unattended-upgrades

Today, unattended-upgrade upgraded PAM:

# fgrep pam /var/log/dpkg.log |grep upgrade
2011-05-31 06:47:18 upgrade libpam0g 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2
2011-05-31 06:47:20 upgrade libpam-modules 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2
2011-05-31 06:47:24 upgrade libpam-runtime 1.1.1-4ubuntu2 1.1.1-4ubuntu2.2

After this, cron was broken:

May 31 06:46:01 dns-cbf CRON[15914]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:46:01 dns-cbf CRON[15914]: pam_unix(cron:session): session closed for user nobody
May 31 06:47:01 dns-cbf CRON[16042]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:47:01 dns-cbf CRON[16042]: pam_unix(cron:session): session closed for user nobody
May 31 06:48:01 dns-cbf CRON[16833]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:48:01 dns-cbf CRON[16833]: PAM adding faulty module: /lib/security/pam_env.so
May 31 06:48:01 dns-cbf CRON[16833]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:49:01 dns-cbf CRON[16893]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:49:01 dns-cbf CRON[16893]: PAM adding faulty module: /lib/security/pam_env.so
May 31 06:49:01 dns-cbf CRON[16893]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May 31 06:50:01 dns-cbf CRON[16959]: PAM unable to dlopen(/lib/security/pam_env.so): /lib/libpam.so.0: version `LIBPAM_MODUTIL_1.1.3' not found (required by /lib/security/pam_env.so)
May 31 06:50:01 dns-cbf CRON[16959]: PAM adding faulty module: /lib/security/pam_env.so

Why was cron not being restarted as required by a PAM update? The solution was to manually restart cron on all affected machines :(

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: unattended-upgrades 0.62ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-25.44-server 2.6.35.10
Uname: Linux 2.6.35-25-server x86_64
Architecture: amd64
Date: Tue May 31 10:22:22 2011
InstallationMedia: Ubuntu-Server 10.10 "Maverick Meerkat" - Release amd64 (20101007)
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: unattended-upgrades

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :
Revision history for this message
John Edwards (john-cornerstonelinux) wrote :

I can confirm the problem and restarting cron appears to be a solution.

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

I found a machine without "unattended-upgrades", performed the PAM upgrade manually and alas, cron et.al. were not being restarted. So maybe it's an error in the packages themselves!!!

Revision history for this message
Bart Verwilst (verwilst) wrote :

If it's indeed a problem in the package, maybe another upgrade would be advisable, even if it's just to trigger a restart of the crons.. We have 1600 servers that need to have cron restarted now, if we wouldn't be aware of this issue, this could really mess up vital parts of our organisation that depend on timed executions. A new release that restarts cron could make the amount of bad surpises over the next couple of days a lot less for a lot of unaware system admins.

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote : Re: [Bug 790532] Re: pam upgrade broke cron

* Bart Verwilst <email address hidden>:
> If it's indeed a problem in the package, maybe another upgrade would be
> advisable, even if it's just to trigger a restart of the crons..

Well, not via unattended-upgrades, since that just broke :)

> We have 1600 servers that need to have cron restarted now,

If feel your pain!!!

> if we wouldn't be aware of this issue, this could really mess up vital
> parts of our organisation that depend on timed executions.

It did here.

> A new release that restarts cron could make the amount of bad surpises
> over the next couple of days a lot less for a lot of unaware system
> admins.

For all those people who didn't notice their cron not running,
unattended-upgrades won't work!

It's truly FUBARed

Revision history for this message
Joey Imbasciano (joey-imbasciano) wrote :

We are experiencing the same issue while running these 8.04 AMIs on AWS (ami-6836dc01, ami-0c36dc65). After upgrading PAM, the cron service has stopped responding on all of our servers. Restarting the service seems to fix the issue.

Revision history for this message
Ralf Hildebrandt (ralf-hildebrandt) wrote :

(I move dthe bug to "pam" since the error also occurs when an interactive update occurs)

affects: unattended-upgrades (Ubuntu) → pam (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.