The cron file /etc/cron.d/debsecan tries to run a command as user ‘daemon’:
22 * * * * daemon test -x /usr/bin/debsecan && /usr/bin/debsecan --cron
This is generating the following error:
22:22 pam_access(cron:account): access denied for user daemon' from cron’ CRON
How can this be corrected?
Please try creating a file /etc/security/access.d/my-debsecan.conf with the following contents:
+:daemon:cron
I tried your version, and I also tried:
+:daemon:cron :0 tty1
Neither worked in access.d/.
However, when I put my version in /etc/security/access.conf, it did eliminate the error.
(I tried it both ways twice to verify that access.conf works, but access.d/my-debsecan.conf doesn’t.)
What distribution is this on? What is the version of libpam-modules?
I have a Pioneer Edition FreedomBox. You are running Debian GNU/Linux 10 (buster) and FreedomBox version 20.12. FreedomBox is up to date.
Package: libpam-ldapd
Version: 0.9.10-2
Package: libpam-modules
Version: 1.3.1-5
Package: libpam-modules-bin
Version: 1.3.1-5
Package: libpam-runtime
Version: 1.3.1-5
Package: libpam-systemd
Version: 241-7~deb10u4
Package: libpam0g
Version: 1.3.1-5
I was able to eliminate the error message with a .conf file in access.d by giving it higher precedence in the parsing order than the two files I found there.
dog@freedombox:/etc/security/access.d$ ls -l
total 12
-rw-r--r-- 1 root root 14 Sep 14 13:34 00my_freedombox.conf
-rw-r--r-- 1 root root 11 May 21 04:06 10freedombox-performance.conf
-rw-r--r-- 1 root root 48 Mar 18 18:58 50freedombox.conf
dog@freedombox:/etc/security/access.d$ cat 00my_freedombox.conf
+:daemon:cron