Re: what's that?
On Fri, 5 Apr 2002, Kirill Zverev wrote:
> I found that in my logs:
>
> Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody
> Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0)
>
> who could use su at six o'clock in the morning?
from /etc/crontab:
# m h dom mon dow user command
25 6 * * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.daily
which then in turn invokes:
/etc/cron.daily/find
which contains the line:
cd / && updatedb --localuser=nobody 2>/dev/null
and from the manpage for updatedb, you'll see that --localuser invokes su.
:)
In short, this appears to be normal daily processing on your system.
tony
--
All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer. -- IBM maintenance manual, 1925
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: