I have noticed this error in /var/cron/log:
> CMD: /usr/lib/acct/ckpacct
> adm 6739 c Tue Oct 11 10:00:00 2011
< adm 6739 c Tue Oct 11 10:00:00 2011 rc=1
! bad user (adm) Tue Oct 11 11:00:00 2011
but when I try to list crontab of user 'adm':
solarni/~# crontab -l adm
crontab: you are not authorized to use cron. Sorry.
adm seems to be some kind of system user? why is it trying to use cron?
what to do?
thanks.
edit: it seems that ckpacct is used to control size of pacct log file. we have had a problem in past when that file completely filled the root filesystem, but it was solved by modifying /etc/logadm.conf . would it be then safe to remove ckpacct from crontab? if so, how to do it?
This error in cron log will come when a user ID is having password policy set on it and it tries to execute a scheduled script.
I have seen this in solaris 8.
I think you have collected a wrong output since the bad user comment is logged at 11 hrs whereas the adm 6739 job is at 10 hrs.
Regards,
Vishal
yes, sorry:
! bad user (adm) Tue Oct 11 11:00:00 2011
> CMD: /usr/lib/acct/ckpacct
> adm 6741 c Tue Oct 11 11:00:00 2011
< adm 6741 c Tue Oct 11 11:00:00 2011 rc=1
what do you mean by "having password policy set"?
I don't understand how could adm user have crontab if its "not authorized to use cron".
how to change its crontab?
Check in /var/spool/cron/crontabs if there is a crontab file for user adm.
If adm is in cron.deny in /etc/cron.d then it will say "not authorized to use cron" but earlier it may be having cron access.
You can look into the /var/spool/cron/crontabs/adm file and I think the ckpacct is still there.
Regards,
Vishal
1 Like
yes, its there. along with runacct and monacct.
iirc, its not advisable to edit directly that file, so my only option is to allow-modify-deny?
edit: I found the cause: http://southbrain.com/south/2011/05/solaris-10-crontab-ignored-for.html
its 'locked password in /etc/shadow:'