
Re: repeated system mail, /etc/.pwd.lock ?



On Wed 05 May 2021 at 07:26:34 (-0400), Greg Wooledge wrote:
> On Tue, May 04, 2021 at 09:32:49PM -0500, David Wright wrote:
> > It looks reasonable for determining whether your system files are
> > being interfered with. But you just showed one example from the
> > log, which was for the /etc/.pwd.lock lockfile. I assume you don't
> > have 2757 of these but, rather, the names of an assortment of files.
> 
> That's an interesting interpretation.  If that's actually *true*, I
> wish the OP had made that more clear.  I interpreted it as literally
> being thousands of instances of the *same* file, the one shown in the
> Subject: header and in the original message body.
> 
> (In which case, removing iwatch will certainly stop the logging, but
> it won't stop whoever is locking and unlocking your passwd/shadow
> files thousands of times, which is something I might care enough to
> investigate -- and is a great reason for installing iwatch, to look for
> such a thing.)
> 
> (Also I'd never heard of "monkeysphere" before and didn't even know
> that openssh-client suggested it.  So it's been an educational thread.)

FYI:

I installed iwatch, and that immediately generated two messages from
/etc/.etckeeper. Then I upgraded:

  apt apt-doc apt-utils bind9-host curl dnsutils exim4 exim4-base exim4-config exim4-daemon-light
  firefox-esr firefox-esr-l10n-en-gb gstreamer1.0-gl gstreamer1.0-libav gstreamer1.0-plugins-bad
  gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-pulseaudio gstreamer1.0-x
  libapt-inst2.0 libapt-pkg5.0 libbind9-161 libcurl3-gnutls libcurl4 libdns-export1104 libdns1104
  libgstreamer-gl1.0-0 libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-base1.0-0 libirs161
  libisc-export1100 libisc1100 libisccc161 libisccfg163 libjs-underscore libldb1 liblwres161
  libopenjp2-7 openjdk-11-jre openjdk-11-jre-headless wpasupplicant xserver-common
  xserver-xorg-core xserver-xorg-legacy
44 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

and got 387 more messages.

I then added one new user, which generated 97 more, where
/etc/.pwd.lock was the subject of four of them.

Purging iwatch then generated a final three.

So the OP's 2757 is no surprise with the default configuration.

Cheers,
David.

