xenial auth.log에서 다음과 같은 내용을 많이 볼 수 있습니다.
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" was met by user "root"
systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user root
systemd: pam_unix(systemd-user:session): session closed for user root
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
systemd: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
취해진 조치는 /etc/pam.d/common-account와 일치합니다:
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account sufficient pam_succeed_if.so uid < 2000
account required pam_access.so
account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=2000
하지만 사용자 None으로 실행하려는 것이 정확히 무엇인지 알 수 없습니다. 시스템 로그에서 다음을 발견했습니다.
systemd[1]: Created slice User Slice of nobody.
systemd[1]: Starting User Manager for UID 65534...
systemd[1]: Started Session c7289 of user nobody.
collectd[15403]: 0 Success: 1 value has been dispatched.
collectd[15403]: message repeated 21 times: [ 0 Success: 1 value has been dispatched.]
systemd[32704]: [email protected]: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Removed slice User Slice of nobody.
내가 확인할 때[이메일 보호됨], 시작할 수 없는 것 같습니다:
● [email protected] - User Manager for UID 65534
Loaded: loaded (/lib/systemd/system/[email protected]; static; vendor preset: enabled)
Active: inactive (dead)
systemd[31364]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[31364]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Starting User Manager for UID 65534...
systemd[32704]: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd[32704]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[32704]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
하지만 정확히 무엇이 필요한지, 왜 가끔씩 시작해야 하는지, 무엇을 통해 시작해야 하는지는 알 수 없습니다.
/usr/lib/systemd/ 및 /etc/systemd에서 "nobody" 및 "65534"를 검색했지만 결과가 충분하지 않았습니다. 마찬가지로 /etc/cron을 확인했지만 동시에 삭제한 /etc/cron.daily/popularity-contest를 제외하고는 아무도 실행하지 않습니다.
나로서는 이 서비스를 시작하려는 목적이 무엇인지, 어떤 목적으로 시작하려고 하는지 알 수 없습니다. 또한 비활성화할 수 없습니다.[이메일 보호됨]“정적이어서 그것이 좋은 생각인지 잘 모르겠습니다.
그건 그렇고, 사용자 자신은:
# getent passwd nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
어떤 아이디어가 있나요?