Re: repeated system mail, /etc/.pwd.lock ?
On Wed, May 05, 2021 at 03:11:53AM +0200, Emanuel Berg wrote:
> Kushal Kumaran wrote:
> > The manpage at
> > https://manpages.debian.org/buster/iwatch/iwatch.1.en.html
> > shows log output similar to what you see. Check your iwatch
> > configuration and see what it is doing.
>
> Thanks, but I've never heard of iwatch, so I haven't mucked
> around with its config file. But OK, here it is
>
> <watchlist>
> <path type="single">/etc</path>
> Does that say anything to you?
It says that it's watching /etc. Which is where your file is. No
surprises here so far.
What you really should be asking is, "What process is using this file,
and why don't I know about it?"
Googling for the file name turns up this:
https://lists.debian.org/debian-user/2005/07/msg02949.html
The lckpwdf() and ulckpwdf() functions enable modification access to the
password databases through the lock file. A process first uses lckpwdf() to
lock the lock file, thereby gaining exclusive rights to modify the
/etc/passwd or /etc/shadow password database. (See "passwd" and "shadow" man
pages.)
Upon completing modifications, a process should release the lock on the lock
file using ulckpwdf(). This mechanism prevents simultaneous modification of
the password databases. The lock file, /etc/.pwd.lock, is used to coordinate
modification access to the password databases /etc/passwd and /etc/shadow.
So, as one might expect just from the file name, it's a lock file for
the passwd file.
Again, the real question is: What process is touching your passwd file
at this time, and why don't you know about it?
Reply to: