/usr/bin/updatedb; Re: [plug] auth.log

Daniel Pearson daniel at flashware.net
Tue Jul 18 20:24:55 WST 2006 

Alastair Irvine wrote:
> On Mon, 17 Jul 2006 11:33 am, Timothy White wrote:
>   
>>>> And here's everything that's in the Crontab atm..
>>>> 17 *    * * *   root    run-parts --report /etc/cron.hourly
>>>> 25 6    * * *   root    test -x /usr/sbin/anacron ||
>>>> run-parts --report
>>>>         
>>> Am I right in suggesting that the line above is set to activate
>>> at the same time that you are having the log entries for the
>>> 'nobody' sessions ?
>>>       
>> Check the /etc/anacrontab and see what is running. You'll
>> probably find that it's something in the /etc/cron.d or
>> /etc/cron.daily directorys. (They are like 'crontab' parts,
>> making up a large crontab, so not everything run by cron is in
>> /etc/crontab, lots is in separate files, for easier management by
>> packages).
>>     
>
> As you can see from the above crontab lines, even if anacron is not 
> installed, the files in /etc/cron.daily are still run.  As they are 
> on my debian box.
>   
Ok.. output is as follows:
root at fs01:/home/flashware# locate anacron
/usr/share/doc/cron/README.anacron

root at fs01:/etc/cron.daily# ls -al
total 52
drwxr-xr-x  2 root root 4096 2006-06-18 12:53 .
drwxr-xr-x 56 root root 4096 2006-07-16 20:56 ..
-rwxr-xr-x  1 root root 5566 2006-04-19 03:47 apt
-rwxr-xr-x  1 root root  314 2006-04-03 22:43 aptitude
-rwxr-xr-x  1 root root  502 2005-10-25 10:15 bsdmainutils
-rwxr-xr-x  1 root root  419 2006-03-20 14:25 find
-rwxr-xr-x  1 root root   89 2005-10-25 18:37 logrotate
-rwxr-xr-x  1 root root  946 2005-09-26 23:13 man-db
-rw-r--r--  1 root root  102 2005-11-15 20:46 .placeholder
-rwxr-xr-x  1 root root  383 2006-05-17 17:52 samba
-rwxr-xr-x  1 root root 3227 2005-11-15 20:46 standard
-rwxr-xr-x  1 root root 1307 2006-04-25 02:41 sysklogd

> I found out that /etc/cron.daily/find runs the /usr/bin/updatedb 
> script*.  The former exports LOCALUSER="nobody", which tells the 
> latter which user to "su" as.  This looks like the source of your 
> log entries.
>   
root at fs01:/etc/cron.daily# cat find|grep nobody
LOCALUSER="nobody"

root at fs01:/etc/cron.daily# cat find
#! /bin/sh
#
# cron script to update the `locatedb' database.
#
# Written by Ian A. Murdock <imurdock at debian.org> and
#            Kevin Dalley <kevin at aimnet.com>

LOCALUSER="nobody"
export LOCALUSER
if [ -f /etc/updatedb.conf ]; then
  . /etc/updatedb.conf
fi

if getent passwd $LOCALUSER > /dev/null ; then
  cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
else
  echo "User $LOCALUSER does not exist."
  exit 1
fi


> * this rebuilds a pathname database for use by the "locate" utility.
Spot on.. so that means I should just not worry about the log entry?

Cheers; Dan

More information about the plug mailing list