Results 1 to 4 of 4

Thread: auth.log: access denied for user `nobody' from `systemd-user'

  1. #1
    Join Date
    Jan 2018
    Beans
    5

    auth.log: access denied for user `nobody' from `systemd-user'

    Hello all,

    I've been seeing a lot of the following in my xenial auth.log:
    Code:
    systemd: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
    systemd: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
    systemd: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
    runuser: pam_unix(runuser-l:session): session opened for user nobody by (uid=0)
    runuser: pam_unix(runuser-l:session): session closed for user nobody
    The action being taken is in accordance with /etc/pam.d/common-account:
    Code:
    account    [success=1 new_authtok_reqd=done default=ignore]      pam_unix.so
    account    requisite            pam_deny.so
    account    required            pam_permit.so
    account    sufficient                      pam_succeed_if.so uid < 2000
    account    required                        pam_access.so
    account    [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad]        pam_ldap.so minimum_uid=2000
    but I cannot figure out what exactly is trying to run as user nobody.
    I found the following in syslog:
    Code:
    systemd[1]: Created slice User Slice of nobody.
    systemd[1]: Starting User Manager for UID 65534...
    systemd[1]: Started Session c7289 of user nobody.
    collectd[15403]: 0 Success: 1 value has been dispatched.
    collectd[15403]: message repeated 21 times: [ 0 Success: 1 value has been dispatched.]
    systemd[32704]: user@65534.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted
    systemd[1]: Started User Manager for UID 65534.
    systemd[1]: Stopped User Manager for UID 65534.
    systemd[1]: Removed slice User Slice of nobody.
    and when I check that user@65534.service, it indeed seems it cannot be started:
    Code:
    ● user@65534.service - User Manager for UID 65534
       Loaded: loaded (/lib/systemd/system/user@.service; static; vendor preset: enabled)
       Active: inactive (dead)
    
    
    systemd[31364]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
    systemd[31364]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
    systemd[1]: Started User Manager for UID 65534.
    systemd[1]: Stopped User Manager for UID 65534.
    systemd[1]: Starting User Manager for UID 65534...
    systemd[32704]: pam_succeed_if(systemd-user:account): 'uid' resolves to '65534'
    systemd[32704]: pam_succeed_if(systemd-user:account): requirement "uid < 2000" not met by user "nobody"
    systemd[32704]: pam_access(systemd-user:account): access denied for user `nobody' from `systemd-user'
    systemd[1]: Started User Manager for UID 65534.
    systemd[1]: Stopped User Manager for UID 65534.
    but I cannot figure out exactly what needs this or why it needs to be started every once in a while or by what.

    I did a grep for "nobody" and "65534" in /usr/lib/systemd/ and /etc/systemd but came up short. Likewise, I checked /etc/cron but apart from /etc/cron.daily/popularity-contest, which I removed in the meantime, there's nothing that runs as user nobody.

    For the life in my I cannot figure out what tries to start this service or for what purpose. I also can't disable the "user@65534.service" because it's static and I'm also not sure it's a good idea.

    Btw, the user itself:
    Code:
    # getent passwd nobody
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
    Please help.
    Last edited by 0x19xx; February 22nd, 2024 at 10:37 AM.

  2. #2
    Join Date
    Jun 2014
    Beans
    7,369

    Re: auth.log: access denied for user `nobody' from `systemd-user'

    The links below should provide some useful information.

    https://wiki.ubuntu.com/nobody

    https://en.wikipedia.org/wiki/Nobody_(username)

  3. #3
    Join Date
    Jan 2018
    Beans
    5

    Re: auth.log: access denied for user `nobody' from `systemd-user'

    Quote Originally Posted by yancek View Post
    The links below should provide some useful information.
    Yeah, it doesn't. I don't have NFS running

  4. #4
    Join Date
    Jun 2014
    Beans
    7,369

    Re: auth.log: access denied for user `nobody' from `systemd-user'

    Don't have any further suggestions. You might try updating to a supported system since support for xenial ended nearly 3 years ago.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •