F20 System Wide Change: No Default Sendmail

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Thu Jul 25 01:39:25 UTC 2013 

On Thu, Jul 25, 2013 at 03:13:33AM +0300, Oron Peled wrote:
> On Wednesday 24 July 2013 13:23:08 Lennart Poettering wrote:
> > On Tue, 23.07.13 04:03, Oron Peled (oron at actcom.co.il) wrote:
> > > There are two issues however:
> > >  * The log-splitting of journald is really nice feature. But it doesn't
> > >    work for cron:
> > >         $ echo '* * * * * /bin/echo "Test output from cron"' | \
> > >         
> > >              crontab '-'    # than wait a minute
> > >         
> > >         $ journalctl        # only shows crontab, not the cron output
> > >         $ su -
> > >         # journalctl        # Cron output is properly shown.
> > 
> > Also as mentioned on this thread, this doesn't work for cron right now
> > as cron actually collects all log output of a job and then posts it
> > under its own identity, which is why it is attributed to cron/root.
> 
> Sounds reasonable, but please look at the result of previous tests:
>    # journalctl SYSLOG_IDENTIFIER=CROND --output verbose
>    Tue 2013-07-23 03:31:01 IDT ...
>         PRIORITY=6
>         _UID=0
>         _MACHINE_ID=...
>         _HOSTNAME=...
>         _EXE=/usr/bin/bash
>         _TRANSPORT=syslog
>         SYSLOG_FACILITY=9
>         _SELINUX_CONTEXT=system_u:system_r:crond_t:s0-s0:c0.c1023
>         _GID=501
>         _AUDIT_LOGINUID=501
>         _SYSTEMD_OWNER_UID=501
>         _BOOT_ID=...
>         SYSLOG_IDENTIFIER=CROND
>         _COMM=sh
>         MESSAGE=(oron) CMD (/bin/echo "Test output from cron")
>         _CMDLINE=/bin/sh -c /bin/echo "Test output from cron"
>         SYSLOG_PID=19788
>         _PID=19788
>         _AUDIT_SESSION=194
>         _SYSTEMD_CGROUP=/user/501.user/194.session
>         _SYSTEMD_SESSION=194
>         _SOURCE_REALTIME_TIMESTAMP=1374539461144186
> 
> It seems it was filtered by _UID, but what's the difference between that
> and _AUDIT_LOGINUID and _SYSTEMD_OWNER_UID?
Those fields are described in systemd.journal-fields(7) manpage:
- _UID is the UID of the sender of the messsage
- _AUDIT_LOGINUID comes from the kernel's audit subsystem
- _SYSTEMD_OWNER_UID is derived from the position in systemd cgroup
  hierarchy.
Each one serves a different purpose. The underscore in front signifies that
they were collected by journald itself, and are not controlled by the sender.

> 
> > THis is, if you so will, a misdesign in cronie.
> 
> Maybe:
>  * But if it writes to syslog as root (_UID=0), how come _AUDIT_LOGINUID
>    is my uid?
Cron opens a pam session when running your job, and then login uid
is set.

Zbyszek
-- 
they are not broken. they are refucktored
                           -- alxchk

More information about the devel mailing list