root 不能正常执行 crontab 任务问题分析

1. 报错

   pam_access(crond:account): access denied for user `root' from `cron'
   

2. 分析

   /var/log/secure 日志说明root没有权限执行cron
   我们看 /etc/cron.allow 是有权限的。
   # cat /etc/cron.allow
   root
   chkusr
   
   
   pam_access 这个pam模块报出来的，我们看看该文件内容是不是标准的：
   # cat /etc/pam.d/crond
   #
   # The PAM configuration file for the cron daemon
   #
   #
   # No PAM authentication called, auth modules not needed
   account    required   pam_access.so      <<<<<<<< 问题在这，这行表示用户需要访问权限才能运行cron
   account    include    password-auth
   session    required   pam_loginuid.so
   session    include    password-auth
   auth       include    password-auth
   
   这个模块需要用户输入用户名和密码才能执行cron
   

3. 解决

   删除这行即可.
   

4. 疑惑
   你可能会问：为什么时间同步和监控能正常工作呢？
   这是因为主机初始化后这些程序已经在运行了. 如果进程异常crash或者被kill，机器没重启，没有cron是起不来的。
   这就会引发时间慢慢不准，监控数据采集不到，其他定时任务无法执行等等问题。

# cat /etc/rc.local
#!/bin/sh

# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
/usr/sbin/ntpdate ntpupdate.tencentyun.com >/dev/null 2>&1 &
#secu_agent init monitor, install at Wed Sep 27 10:39:02 CST 2017
/usr/local/sa/agent/init_check.sh  > /dev/null 2>&1
/usr/local/qcloud/rps/set_rps.sh >/tmp/setRps.log 2>&1
/usr/local/qcloud/irq/net_smp_affinity.sh >/tmp/net_affinity.log 2>&1

5. 亡羊补牢
   悲剧又一次重演，有标准文档，为什么不仔细看，在错误的道路上越走越远……