[Bug 1893716] Re: scripts in /etc/update-motd.d/ run even on login via non-interactive scp and sftp sessions
Christian Ehrhardt
1893716 at bugs.launchpad.net
Tue Mar 29 13:31:28 UTC 2022
Time and CPU consumption (results are rather consistent BTW):
Bionic
real 1m11.714s
user 0m2.577s
sys 0m0.410s
procs -----------------------memory---------------------- ---swap-- -----io---- -system-- --------cpu-------- -----timestamp-----
r b swpd free buff cache si so bi bo in cs us sy 17 0 0 2022-03-29 13:13:15
0 0 0 221036 28312 156980 0 0 0 2124 4319 1330 67 19 14 0 0 2022-03-29 13:13:20
1 0 0 196772 28320 158524 0 0 0 11 4290 1274 68 19 13 0 0 2022-03-29 13:13:25
...
Focal
real 0m44.742s
user 0m2.489s
sys 0m0.477s
procs -----------------------memory---------------------- ---swap-- -----io---- -system-- --------cpu-------- -----timestamp-----
r b swpd free buff cache si so bi bo in cs us sy id wa st UTC
1 0 0 42784 18448 267048 0 0 0 11 4554 3561 67 24 8 0 0 2022-03-29 13:14:13
1 0 0 37732 18456 269100 0 0 0 12 4577 3851 65 25 10 0 0 2022-03-29 13:14:18
1 0 0 18400 18464 270812 0 0 0 11 4554 3547 67 24 9 0 0 2022-03-29 13:14:23
Jammy
real 1m8.010s
user 0m2.436s
sys 0m0.484s
--procs-- -----------------------memory---------------------- ---swap-- -----io---- -system-- --------cpu-------- -----timestamp-----
r b swpd free buff cache si so bi bo in cs us sy id wa st UTC
0 0 0 58264 17760 258544 0 0 0 9 4374 1953 68 20 11 0 0 2022-03-29 13:15:20
1 0 0 32844 17772 260332 0 0 0 16 4352 1851 68 20 11 0 0 2022-03-29 13:15:25
1 0 0 49428 17784 262268 0 0 0 17 4387 1985 67 22 12 0 0 2022-03-29 13:15:30
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1893716
Title:
scripts in /etc/update-motd.d/ run even on login via non-interactive
scp and sftp sessions
Status in pam package in Ubuntu:
Confirmed
Status in update-motd package in Ubuntu:
Confirmed
Bug description:
My client has 200+ devices automatically uploading information via
sftp and scp to a server every few minutes. After a recent update, I
noticed the load on their server spiking through the roof. Upon
investigation, I discovered a horde of landscape-sysinfo and
/usr/bin/lsb_release processes running that correlated with login
session notifications in /var/log/syslog and the load spikes.
It appears that even in non-interactive sessions where this
information will never be seen, the configuration options below in
/etc/pam.d/sshd cause these items to be launched (in fact, probably
everything in /etc/update-motd.d). This only started on the system in
question after a recent set of system updates were installed.
The content of /etc/update-motd.d/* really, really, really shouldn't
be executed if the session in question is not interactive, as it
provides no value at all. Unfortunately, to disable it for these non-
interactive sessions, we also have to disable it for the interactive
ones as well where it has some value (though not enough to make
spiking the load on this server through the roof an acceptable
tradeoff).
# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
#session optional pam_motd.so motd=/run/motd.dynamic
#session optional pam_motd.so noupdate
Also, looking at the script 00-header in /etc/update-motd.d/,
/usr/bin/lsb_release is being improperly launched, as /etc/lsb_release
does include the necessary information:
[ -r /etc/lsb-release ] && . /etc/lsb-release
if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
# Fall back to using the very slow lsb_release utility
DISTRIB_DESCRIPTION=$(lsb_release -s -d)
fi
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1893716/+subscriptions
More information about the foundations-bugs
mailing list