operation not permitted....

Feb 5 18:00:01 opensuse atd[23886]: PAM audit_log_acct_message() failed: Operation not permitted
Feb 5 18:05:03 opensuse atd[24052]: PAM audit_log_acct_message() failed: Operation not permitted
Feb 5 18:10:01 opensuse atd[24107]: PAM audit_log_acct_message() failed: Operation not permitted
Feb 5 18:15:02 opensuse atd[24161]: PAM audit_log_acct_message() failed: Operation not permitted
Feb 5 18:20:02 opensuse atd[24251]: PAM audit_log_acct_message() failed: Operation not permitted

I get these messages in my log, How can i take some action to know why they are there?

luuk-34 wrote:
> Feb 5 18:00:01 opensuse atd[23886]: PAM audit_log_acct_message()
> failed: Operation not permitted
> Feb 5 18:05:03 opensuse atd[24052]: PAM audit_log_acct_message()
> failed: Operation not permitted
> Feb 5 18:10:01 opensuse atd[24107]: PAM audit_log_acct_message()
> failed: Operation not permitted
> Feb 5 18:15:02 opensuse atd[24161]: PAM audit_log_acct_message()
> failed: Operation not permitted
> Feb 5 18:20:02 opensuse atd[24251]: PAM audit_log_acct_message()
> failed: Operation not permitted
>
> I get these messages in my log, How can i take some action to know why
> they are there?
>
>
here is how i came the conclusion i give below:
i used google to search only opensuse.org using this search string:

site:opensuse.org “PAM audit_log_acct_message()” atd

like so:
http://www.google.com/search?q=site%3Aopensuse.org+“PAM+audit_log_acct_message()”

when i glanced at the very few threads i realized your error message
tells you what is going on:

a program named atd is trying to do something every five minutes that
it cannot do because PAM won’t let it…

so, figure out what atd is (part of the at command, you probably have
in a script somewhere) and what pam is and you will know what to do…

i think…if not, come back


palladium

atd runs a script, which fetches news with fetchnews, part of leafnode …

pam is a authentication tool…

i dont have to use any authentication, because its fetching news (via nntp) from my the isp which connect me to the internet…

luuk-34 wrote:
> i dont have to use any authentication, because its fetching news (via
> nntp) from my the isp which connect me to the internet…

well, either something is wrong with the way your script is written
(trying to write/read/access somewhere where it has no permission to),
OR does the user/group who executes the script have permission where
the script tries to write/read/access), OR something is wrong in pam
set up (not allowing the script/user to write/read/access somewhere)
because it sounds to me like someone or something is trying to
read/write or access a file/device/log that the script doesn’t have
permission to read/write/touch–every five minutes, and hence the “not
permitted” is logged…


palladium

i tried to clean-up the script, its contents are now:
#!/bin/bash -v

get/send news

/usr/sbin/fetchnews -w -vv

at -f ~luuk/bin/MyFetchnews2 “now +1 minutes”
<end-of-script>

and i’m still getting the errors…

The command fetchnews needs to be run with ‘root’ permissions (or ‘news’), so i choose to run my script under ‘root’.

Even when i do:
sudo -u news /usr/sbin/fetchnews -w -vv
the problem remains.

i think you need to try to get the attention of a someone who is
familiar with fetchnews and more conversant in scripting than
me…therefore suggest you post your question to
http://forums.opensuse.org/programming-scripting/


palladium

ok, i did,
Operation not permitted… - openSUSE Forums

thanks…

I see a clue up there. Let’s try this.

Open YAST
Security and Users
User and Group Management
Users Tab
Highlight your UserName
Click Edit
Click Details Tab
In the right hand pane > Check NEWS
Click OK

the script is run under ‘root’,

so i dont think adding meself to the news group will solve it.

(but i tried anyway, because i’ve seen stranger thing :wink:

and unfortunally i does not help

thanks for the suggestion anyway

The script should not have to run under root. This is a simple permissions issue and should be solved by permissions. We just have to look a little closer.

There may be a way to tell the system that this does not require PAM without disabling PAM completely. That may be a little over my head though.

pam-config --query

shows nothing, so i dont think pam is configured anyway?