• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Allow cronjobs to run by pam even if user password is expired

by admin

The Problem

The system’s account will be expired by policy but need to run to cron job by that account.

When expired, cron job was failed by PAM with below message:

Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: failed to open PAM security session: Success
Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: cannot set security context

The Solution

Add to below line at top of account section in /etc/pam.d/system-auth (if CentOS/RHEL 7, use file password-auth)

account required pam_access.so
account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

For example:

# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_access.so
account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

Filed Under: CentOS/RHEL, CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. whereis: command not found
  2. CentOS / RHEL : How to block incoming and outgoing ports using iptables
  3. How to Create Disk Partitions using cfdisk
  4. locale Command Examples in Linux
  5. “Server refused to allocate pty” – Unable to login to CentOS/RHEL
  6. jpegtran for image optimization
  7. arp Command Examples in Linux
  8. CentOS / RHEL 7 : Never run the iptables service and FirewallD service at the same time!
  9. paru Command Examples in Linux
  10. How to Install golang-github-tendermint-go-lo software package in Ubuntu

You May Also Like

Primary Sidebar

Recent Posts

  • aws ec2: CLI for AWS EC2 (Command Examples)
  • aws cur – Create, query, and delete AWS usage report definitions (Command Examples)
  • aws configure – Manage configuration for the AWS CLI (Command Examples)
  • aws cognito-idp: Manage Amazon Cognito user pool and its users and groups using the CLI

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright