Help CenterProblem:
Cron jobs are unable to execute on Ubuntu-based EC2 images.
Symptoms:
The following messages appear in /var/log/syslog:
Mar 21 08:17:01 ip-172-31-42-94 CRON[2030]: Permission denied Mar 21 08:28:01 ip-172-31-42-94 cron[2030]: Permission denied
And in /var/log/auth.log:
Mar 21 08:17:01 ip-172-31-42-94 CRON[2030]: PAM bad jump in stack Mar 21 09:17:01 ip-172-31-42-94 CRON[2232]: PAM bad jump in stack
Cause:
There is an error in the /etc/pam.d/common-auth file that is causing the PAM authentication stack to get corrupted in certain use cases. This is a result of the PKCS#11 modules that are installed as a part of the operating system baselining process.
Solution:
Remove or comment out the last line in /etc/pam.d/common-auth:
ubuntu@ip-172-31-42-94:~$ sudo su - root@ip-172-31-42-94:~# grep -v pam_pkcs11.so /etc/pam.d/common-auth > /etc/pam.d/common-auth.new root@ip-172-31-42-94:~# mv /etc/pam.d/common-auth /etc/pam.d/common-auth.old && mv /etc/pam.d/common-auth.new /etc/pam.d/common-auth root@ip-172-31-42-94:~# tail -3 /etc/pam.d/common-auth # end of pam-auth-update config auth required pam_faildelay.so delay=4000000 auth required pam_tally2.so onerr=fail deny=3
This issue will be corrected in subsequent AMI releases.