"systemd-user"의 "nobody" 사용자에 대한 액세스가 거부되었습니다.

"systemd-user"의 "nobody" 사용자에 대한 액세스가 거부되었습니다.

On xenial, I see a lot of entries like the following in auth.log:

systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" was met by user "root"
systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session opened for user root by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user root
systemd: pam_unix(systemd-user:session): session closed for user root
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody
systemd: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
runuser: pam_unix(runuser-l:session): session closed for user nobody

The actions taken match /etc/pam.d/common-account:

account    [success=1 new_authtok_reqd=done default=ignore]      pam_unix.so
account    requisite            pam_deny.so
account    required            pam_permit.so
account    sufficient                      pam_succeed_if.so uid < 2000
account    required                        pam_access.so
account    [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad]        pam_ldap.so minimum_uid=2000

But I can't figure out what exactly is trying to run as user nobody. In the system log I found the following:

systemd[1]: Created slice User Slice of nobody.
systemd[1]: Starting User Manager for UID 65534...
systemd[1]: Started Session c7289 of user nobody.
collectd[15403]: 0 Success: 1 value has been dispatched.
collectd[15403]: message repeated 21 times: [ 0 Success: 1 value has been dispatched.]
systemd[32704]: [email protected]: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Removed slice User Slice of nobody.

When I check [email protected], it looks like it cannot be started:

[email protected] - User Manager for UID 65534
   Loaded: loaded (/lib/systemd/system/[email protected]; static; vendor preset: enabled)
   Active: inactive (dead)


systemd[31364]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[31364]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.
systemd[1]: Starting User Manager for UID 65534...
systemd[32704]: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
systemd[32704]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
systemd[32704]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
systemd[1]: Started User Manager for UID 65534.
systemd[1]: Stopped User Manager for UID 65534.

But I can't tell what exactly needs it, why it has to be started every now and then, or what starts it.

I searched /usr/lib/systemd/ and /etc/systemd for "nobody" and "65534", but the results were not useful. Likewise I checked /etc/cron, but nothing there runs as nobody except /etc/cron.daily/popularity-contest, which I removed in the meantime.

For my part, I can't tell what is trying to start this service or for what purpose. I also can't disable [email protected] because it is "static", and I'm not sure that would be a good idea.

By the way, the user itself is:

# getent passwd nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

Any ideas?
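An added example, not part of the original post: a simplified Python model of how libpam walks the common-account stack quoted above, showing why root stops at pam_succeed_if while nobody (UID 65534) falls through to pam_access. The per-module return values (notably for pam_unix and pam_ldap) and the `access_allows` flag standing in for the pam_access rules are assumptions.

```python
ALIASES = {  # bracket equivalents of the keyword controls used on the page
    "required": "[success=ok default=bad]",
    "requisite": "[success=ok default=die]",
    "sufficient": "[success=done default=ignore]",
}
# The page's /etc/pam.d/common-account, in order.
STACK = [
    ("[success=1 new_authtok_reqd=done default=ignore]", "pam_unix.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
    ("sufficient", "pam_succeed_if.so"),
    ("required", "pam_access.so"),
    ("[success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore"
     " authinfo_unavail=ignore default=bad]", "pam_ldap.so"),
]

def module_results(uid, access_allows):
    # Constructed return values; the pam_unix and pam_ldap results are assumptions.
    return {
        "pam_unix.so": "success",        # assumed: valid local account
        "pam_deny.so": "auth_err",
        "pam_permit.so": "success",
        "pam_succeed_if.so": "success" if uid < 2000 else "auth_err",
        "pam_access.so": "success" if access_allows else "perm_denied",
        "pam_ldap.so": "user_unknown",   # assumed: account not present in LDAP
    }

def evaluate(uid, access_allows):
    results, impression, skip, trace = module_results(uid, access_allows), None, 0, []
    for control, module in STACK:
        if skip:                          # jumped over by an earlier "success=N"
            skip -= 1
            continue
        actions = dict(kv.split("=") for kv in ALIASES.get(control, control).strip("[]").split())
        action = actions.get(results[module], actions["default"])
        trace.append((module, results[module], action))
        if action.isdigit():
            skip = int(action)
        elif action in ("ok", "done"):
            impression = impression or "positive"   # a prior failure is never overridden
            if action == "done" and impression == "positive":
                break
        elif action in ("bad", "die"):
            impression = "negative"
            if action == "die":
                break
    return impression == "positive", trace

for user, uid in (("root", 0), ("nobody", 65534)):  # pam_access assumed to deny
    print(user, evaluate(uid, access_allows=False))
```

In this model the only module that turns the result negative for UID 65534 is pam_access; with `access_allows=True` the same stack succeeds.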