RHEL 7 and uid < 59000 in pam files
Hello,
we are about to start deploying more and more RHEL 7 servers. On the few I have just done there is one, well, "issue".
In some of the /etc/pam.d/* files there is a stanza:
# grep 59000 *
fingerprint-auth:account sufficient pam_succeed_if.so uid < 59000 quiet
fingerprint-auth-ac:account sufficient pam_succeed_if.so uid < 59000 quiet
password-auth:auth requisite pam_succeed_if.so uid >= 59000 quiet_success
password-auth:account sufficient pam_succeed_if.so uid < 59000 quiet
password-auth-ac:auth requisite pam_succeed_if.so uid >= 59000 quiet_success
password-auth-ac:account sufficient pam_succeed_if.so uid < 59000 quiet
smartcard-auth:account sufficient pam_succeed_if.so uid < 59000 quiet
smartcard-auth-ac:account sufficient pam_succeed_if.so uid < 59000 quiet
system-auth:auth requisite pam_succeed_if.so uid >= 59000 quiet_success
system-auth:account sufficient pam_succeed_if.so uid < 59000 quiet
system-auth-ac:auth requisite pam_succeed_if.so uid >= 59000 quiet_success
system-auth-ac:account sufficient pam_succeed_if.so uid < 59000 quiet
On RHEL 6 it was uid < 500. Does anybody know it has been changed from 500 to 59000?
Responses
It got changed from 500 to 1000 in RHEL 7. But 59000 is strange. Perhaps some local deployment customization has misfired?
If this is the only change compared to RHEL 7.x standard configuration, this will have the effect of making PAM not log successful logins of regular users with UID < 59000 to the system log. Normally, only system accounts with UID < 1000 have their PAM successful login messages omitted.
That sounds plausible, but then it would be a bug in the cloning process.
It might be that the VMware Tools/open-vm-tools will be commanded to make some changes to system settings as part of the cloning process, but one of the changes gets applied to the wrong files.
Which version of vCenter are you using? Are you using open-vm-tools or VMware Tools? Which version? Other people with the same versions might want to check if it happens in their environments too.
Since the change affects the logging of user logins, it might have some security implications. In theory, it might be usable as a part of a scheme to hide some unauthorized activity.
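An added example, not part of the original thread: a shell check that lists every pam_succeed_if.so uid boundary in a PAM directory that differs from the expected value. The function names audit_pam_uid and uid_min are hypothetical, and taking the expected boundary from UID_MIN in /etc/login.defs (falling back to the 1000 mentioned above for RHEL 7) is an assumption.

```shell
#!/bin/sh
# Added example: report pam_succeed_if.so uid boundaries that deviate
# from the expected system/regular account split.

# Print UID_MIN from a login.defs-style file (assumed source of the
# expected boundary); fall back to 1000 when the file or key is missing.
uid_min() {
    if [ -r "$1" ]; then
        awk '$1 == "UID_MIN" { v = $2 } END { if (v == "") v = 1000; print v }' "$1"
    else
        echo 1000
    fi
}

# audit_pam_uid [pam_dir] [login_defs]
# Prints one line per deviating rule: "file: type uid OP VALUE (expected N)".
# Only ordering comparisons are checked, so rules such as "uid = 0"
# are not reported as deviations.
audit_pam_uid() {
    dir=${1:-/etc/pam.d}
    want=$(uid_min "${2:-/etc/login.defs}")
    awk -v want="$want" '
        /^[ \t]*#/ { next }                       # skip comment lines
        /pam_succeed_if\.so/ {
            for (i = 1; i + 2 <= NF; i++) {
                if ($i != "uid") continue
                op = $(i + 1); val = $(i + 2)
                if (op !~ /^([<>]=?|[lg][te])$/) continue   # ordering ops only
                if (val !~ /^[0-9]+$/) continue
                if (val + 0 != want + 0) {
                    n = split(FILENAME, p, "/")
                    printf "%s: %s uid %s %s (expected %s)\n", p[n], $1, op, val, want
                }
            }
        }
    ' "$dir"/*
}

# Typical call on a host: audit_pam_uid /etc/pam.d /etc/login.defs
```

Symlinked files such as system-auth and system-auth-ac are both read, so a deviation shows up once per name, matching the grep output in the question.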
