
The Geek Diary

Allow cronjobs to run by pam even if user password is expired

by admin

The Problem

A system account's password expires under policy, but cron jobs still need to run as that account.

Once it has expired, the cron job is rejected by PAM with the messages below:

Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: failed to open PAM security session: Success
Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: cannot set security context

The Solution

Add the lines below at the top of the account section in /etc/pam.d/system-auth (on CentOS/RHEL 7, use the file password-auth instead):

account required pam_access.so
account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

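For example, with the two lines placed directly above pam_unix.so, so that success=1 skips pam_unix.so (the module that rejects the expired account) when the service is crond: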

# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_access.so
account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
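
Because success=1 skips exactly one module, the position of the new line decides which check cron jobs lose. The following is an added example, not part of the original article: a small checker that reports which account modules the crond rule bypasses. The function names and the SAMPLE text are assumptions made for illustration, and it assumes a flat stack with no include or substack lines.

```python
import re
import sys

# Constructed sample: the account section from the article's example.
SAMPLE = """\
account required pam_access.so
account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
"""

def account_modules(text):
    """Return (control, module, args) for each 'account' line, in stack order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"-?account\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            stack.append(m.groups())
    return stack

def skipped_for_cron(text):
    """Modules the crond jump rule skips, i.e. checks cron jobs no longer get."""
    stack = account_modules(text)
    skipped = []
    for i, (control, module, args) in enumerate(stack):
        jump = re.search(r"\bsuccess=(\d+)", control)
        if jump and module == "pam_succeed_if.so" and "service in crond" in args:
            n = int(jump.group(1))  # success=N jumps over the next N modules
            skipped += [mod for _, mod, _ in stack[i + 1 : i + 1 + n]]
    return skipped

def check(text):
    """Return findings; an empty list means only pam_unix.so is bypassed for crond."""
    skipped = skipped_for_cron(text)
    if not skipped:
        return ["no crond jump rule found in the account stack"]
    return [f"crond bypasses {m}, not just pam_unix.so" for m in skipped if m != "pam_unix.so"]

if __name__ == "__main__":
    # Pass the PAM file to check as the first argument; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(check(text) or "OK: crond skips only pam_unix.so")
```

Run it again after authconfig has been used, since the comment at the top of the file says user changes are destroyed the next time authconfig runs.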

Filed Under: CentOS/RHEL, CentOS/RHEL 6, CentOS/RHEL 7, Linux

© 2022 · The Geek Diary
