On Sun, Jul 16, 2017 at 12:01:56PM +0200, Václav Ovsík wrote: > OMG, I don't looked into /var/log/auth.log :( > > Jul 16 11:57:57 rt2 runuser: pam_unix(runuser:session): session closed for > user postgres > Jul 16 11:57:57 rt2 runuser: pam_unix(runuser:session): session opened for > user postgres by (uid=0) > Jul 16 11:57:57 rt2 runuser: pam_unix(runuser:session): session closed for > user postgres > Jul 16 11:57:57 rt2 runuser: pam_unix(runuser:session): session opened for > user postgres by (uid=0) > Jul 16 11:57:57 rt2 runuser: pam_unix(runuser:session): session closed for > user postgres > > ...flooding moved into /var/log/auth.log. > > No, I'm going back to LogLevel notice setting of systemd. :(
With su is /var/log/auth.log flooded too, I didn't noticed before :-/ (logcheck was filtering this). So the last chance is probably the utility setpriv mentioned in the runuser manpage. Unfortunately the utility is in the optional package with the same name and must by installed additionally. I will try tomorrow and write about it. -- Zito
