巡检发现一台Linux服务器上的作业没有如期发送邮件,登录服务器检查后发现作业并没有执行,于是检查一下crontab的设置。结果发现如下错误:
[[email protected] ~]# crontab -l
Authentication token is no longer valid; new one required
You (root) are not allowed to access to (crontab) because of pam configuration.
[[email protected] ~]#
查看了一下/etc/pam.d/crond,仔细检查后发现我们设置了密码过期策略,当密码过期后,作业由于权限认证是不会执行的,这个可以参考Linux账号密码过期会导致crontab作业不能执行和 Linux账户密码过期安全策略设置
[[email protected] ~]# more /etc/pam.d/crond
#
# The PAM configuration file for the cron daemon
#
#
# No PAM authentication called, auth modules not needed
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
想必细心的人发现上面截图里面都是root账号, 那如果密码过期了后,你怎么使用root登录呢? 其实这里我们访问服务器通过Jump Server(跳板机)登录,登录后使用sudo su - 切换到root账号,所以没有遇到类似下面需要修改密码的通知。
You are required to change your password immediately (password aged)
Last login: Wed Jun 28 15:42:13 2017 from xxx.xxx.xxx.xxx
Changing password for root.
(current) UNIX password: