Knute Johnson wrote: >> When I log in remotely to my FC5 box two sshd processes with usually >> consecutive pids are created? The original sshd process is still >> there too. > > Any ideas then why one of them logs its time in UTC and the other > local? > > May 24 22:43:13 rabbitbrush sshd[4258]: Accepted publickey for knute > from 208.1.40.46 port 1614 ssh2 > May 25 05:43:13 rabbitbrush sshd[4259]: Accepted publickey for knute > from 208.1.40.46 port 1614 ssh2 I agree that it is annoying to have incorrect logs. This problem has been raised before: http://www.redhat.com/archives/rhl-list/2006-March/msg03980.html http://www.redhat.com/archives/rhl-list/2006-April/msg00778.html but I don't see any reply about a solution and I didn't find an open bug for it. It looks like environmental variables are discarded for security reasons (try running "cat /proc/4258/environ", with the correct pid; there is no environment). I don't know if the two facts can be related. I just tried "strace -f" on the sshd daemon process: the following lines appear interesting [pid 9996] time(NULL) = 1148562034 [pid 9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 9996] send(6, "<86>May 25 13:00:34 sshd[9996]: "..., 94, MSG_NOSIGNAL) = 94 The process (which is running as user "sshd") does not see the "/etc/localtime" file and logs a wrong time (13:00 instead of 15:00, in this case). I don't know why the file appears totally invisible to the process (chroot tricks?). Best regards. -- Roberto Ragusa mail at robertoragusa.it
