/var/log/auth.log にて、CRONが動くときこういうログがずーっと出てて 超うっとおしいやつ
Oct 24 19:28:01 unkoman CRON[22792]: pam_unix(cron:session): session opened for user root by (uid=0) Oct 24 19:28:02 unkoman CRON[22792]: pam_unix(cron:session): session closed for user root Oct 24 19:29:01 unkoman CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0) Oct 24 19:29:01 unkoman CRON[22918]: pam_unix(cron:session): session closed for user root
おまじないとしか言いようのない設定追加でなんとかなることがわかった
/etc/pam.d/common-session-noninteractive
# here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) ★ session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid session required pam_unix.so
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid を、
session required pam_unix.so の前に追記する
そして、設定変更後は cron を再起動。 原理はマジでわからん。
systemctl restart cron