xenial auth.logには次のようなものがたくさんあります。
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" was met by user "root"
systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user root
systemd: pam_unix(systemd-user:session): session closed for user root
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
systemd: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
取られたアクションは/etc/pam.d/common-accountと一致します:
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account sufficient pam_succeed_if.so uid < 2000
account required pam_access.so
account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=2000
しかし、ユーザーNoneとして実行したいことが正確に何であるかはわかりません。システムログで以下を発見しました。
systemd[1]: Created slice User Slice of nobody.
systemd[1]: Starting User Manager for UID 65534...
systemd[1]: Started Session c7289 of user nobody.
collectd[15403]: 0 Success: 1 value has been dispatched.
collectd[15403]: message repeated 21 times: [ 0 Success: 1 value has been dispatched.]
systemd[32704]: [email protected]: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Removed slice User Slice of nobody.
私が確認したとき[Eメール保護]、起動できないようです:
● [email protected] - User Manager for UID 65534
Loaded: loaded (/lib/systemd/system/[email protected]; static; vendor preset: enabled)
Active: inactive (dead)
systemd[31364]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[31364]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Starting User Manager for UID 65534...
systemd[32704]: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd[32704]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[32704]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
しかし、正確に何が必要なのか、なぜ時々始めるのか、何を始めるのかはわかりません。
/usr/lib/systemd/ および /etc/systemd で「nobody」と「65534」を検索しましたが、結果が不十分です。同様に、/etc/cronをチェックしましたが、同時に削除した/etc/cron.daily/popularity-contestを除いて、誰も実行しません。
私としては、このサービスを開始する目的が何であるか、どの目的で開始しようとしているのかわかりません。また、無効にすることはできません。[Eメール保護]「静的で、それが良い考えなのかよくわかりません。
ところで、ユーザー自身は:
# getent passwd nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
どんなアイデアがありますか?