This is a test Fedora 30 server. I had been seeing the below logs
Sep 30 13:38:30 oldstorm sshd[2556]: debug1: server_input_global_request: rtype keepalive@openssh.com want_reply 1
Sep 30 13:39:01 oldstorm systemd: pam_unix(systemd-user:session): session opened for user student-user by (uid=0)
Sep 30 13:39:11 oldstorm systemd: pam_unix(systemd-user:session): session closed for user student-user
Sep 30 13:40:01 oldstorm systemd: pam_unix(systemd-user:session): session opened for user student-user by (uid=0)
So ran chage -E 0 student-user
But now I see these logs:
crond[xxxxx]: pam_unix(crond:account): account student-user has expired (account expired)
In the earlier logs this shows as UID=0
, which it clearly is not the root user. What else should I check? The last log mentions crond so could this be a cron task running?