On Friday, March 25, 2011 02:53:34 pm Boyce, Kevin P (AS) wrote: > The ausearch records root as the UID. > > The cat command returns a UID of 1386 which is my ldap account UID. > > Is there a way to prevent cron from inheriting my session (perhaps by > removing the session line in /etc/pam.d/crond)?
If you restarted the daemon, then it literally inherited your credentials and environment. The fix for this is rebooting the machine. This only happens if you restart sshd, crond, gdm, kdm, xdm since sessions start with them. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
