Understanding and Resolving “kernel.suid_dumpable = 1” in Red Hat Linux Systems



When you see kernel.suid_dumpable = 1 appearing during script execution on Red Hat, it's actually the kernel reporting its current SUID dumpable setting. This is a security-related parameter that controls whether setuid programs can generate core dumps.

The three possible values are:

0 - (default) traditional behaviour - no core dumps
1 - dumpable for all processes
2 - (secure mode) only dumpable for explicitly marked processes

The message typically appears because either:

  • Your script (or a command it calls) is checking this sysctl value
  • The service restart operation triggers a security check
  • There's an explicit sysctl call in your script

Here's what might be happening in your restart_nss.sh:

#!/bin/bash
# This line might be present
sysctl -n kernel.suid_dumpable

# Or the service might check it during restart
service nss restart

Value 1 means:

  • Core dumps are allowed for all processes
  • This could potentially expose sensitive information if programs crash
  • It's generally safer to use 0 or 2 in production environments

To view the current setting:

sysctl kernel.suid_dumpable
# Or
cat /proc/sys/kernel/suid_dumpable

To temporarily change it:

sysctl -w kernel.suid_dumpable=0

For a permanent change, add to /etc/sysctl.conf:

kernel.suid_dumpable = 0

Consider these additional measures:

# Disable core dumps for this shell and the processes it starts
# (this does not persist across sessions; use /etc/security/limits.conf for that)
ulimit -c 0

# Or hand core dumps to the abrt pipe handler (the abrt-ccpp core_pattern on Red Hat);
# writing /proc/sys/kernel/core_pattern directly does not survive a reboot
echo '|/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e' > /proc/sys/kernel/core_pattern

To suppress this message, you could:

  1. Modify the script to redirect sysctl output
  2. Adjust your logging configuration
  3. Change the kernel parameter if appropriate for your environment

Example modification:

#!/bin/bash
# Redirect sysctl output if present
sysctl -n kernel.suid_dumpable >/dev/null 2>&1
service nss restart
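The value of kernel.suid_dumpable decides only whether the kernel is willing to dump a setuid process; whether a dump actually lands on disk also depends on core_pattern and the core size limit. The check below is an added example, not code from the original page: check_dump_policy takes the three values as arguments so it can be exercised offline, and audit_live feeds it the running host's values. The function names are assumptions; the rule that mode 2 needs core_pattern to be a pipe handler or an absolute path follows the kernel's sysctl documentation, which goes beyond what the text above states.

```shell
#!/bin/bash
# Added example (hypothetical helper names): audit the three settings that
# together decide whether a setuid program can leave a core file behind.

# check_dump_policy SUID_DUMPABLE CORE_PATTERN CORE_LIMIT
#   prints a one-line verdict; exit status 0 = acceptable for production,
#   1 = review needed, 2 = value not understood
check_dump_policy() {
    local value="$1" pattern="$2" limit="$3"
    case "$value" in
        0)
            echo "suid_dumpable=0: setuid and privilege-changed processes never dump core (default)"
            return 0 ;;
        2)
            # Mode 2 is only honoured when the kernel has a safe destination:
            # a pipe handler ('|...') or an absolute path. With a relative
            # core_pattern the kernel refuses the dump and logs a warning.
            case "$pattern" in
                \|*|/*)
                    echo "suid_dumpable=2: root-readable dumps via core_pattern '$pattern'"
                    return 0 ;;
                *)
                    echo "suid_dumpable=2 with relative core_pattern '$pattern': setuid dumps refused, fix core_pattern"
                    return 1 ;;
            esac ;;
        1)
            # Mode 1 lets every process dump, including setuid ones whose memory
            # may hold secrets; a core limit of 0 only masks this for processes
            # started from the current shell.
            if [ "$limit" = "0" ]; then
                echo "suid_dumpable=1, core limit 0: dumps suppressed for this shell only, set sysctl to 0 or 2"
            else
                echo "suid_dumpable=1, core limit $limit: all processes may dump core, set sysctl to 0 or 2"
            fi
            return 1 ;;
        *)
            echo "suid_dumpable='$value': unrecognised value"
            return 2 ;;
    esac
}

# audit_live: evaluate the running kernel (only invoked with --live)
audit_live() {
    check_dump_policy "$(cat /proc/sys/kernel/suid_dumpable)" \
                      "$(cat /proc/sys/kernel/core_pattern)" \
                      "$(ulimit -c)"
}

if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it with --live on the host in question; the exit status makes it usable from a configuration check, and the verdict line explains why a setting passed or failed instead of only echoing the raw sysctl value as the script in the question does.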

The message kernel.suid_dumpable = 1 appearing during script execution relates to a Linux kernel parameter controlling core dump behavior for SUID (Set User ID) programs. This setting is managed through the /proc/sys/kernel/suid_dumpable file and has three possible values:

  • 0 - (Default) Prevents SUID programs from generating core dumps
  • 1 - Allows core dumps but restricts permissions
  • 2 - Allows core dumps with regular permissions (potentially insecure)

Your script is likely modifying this kernel parameter, or another process is adjusting it before your script runs. To check the current value:

# Check current setting
cat /proc/sys/kernel/suid_dumpable

# Alternative method using sysctl
sysctl kernel.suid_dumpable

While this message isn't an error, understanding its implications is important for system security:

  • Setting to 1 provides a balance between debugging capability and security
  • Some applications may explicitly set this parameter during startup
  • Security policies like SELinux might influence this setting

Here's a more robust version of a service restart script that handles this scenario:

#!/bin/bash

# Log kernel parameter state for debugging
echo "Current suid_dumpable value: $(cat /proc/sys/kernel/suid_dumpable)"

# Copy log files with proper permissions
LOGDIR="/var/log/service/"
BACKUPDIR="/var/log/service_backup/$(date +%Y%m%d)"

mkdir -p "$BACKUPDIR"
cp -p "$LOGDIR"*.log "$BACKUPDIR/"

# Restart service with proper error handling
if systemctl restart service_name; then
    echo "Service restarted successfully"
else
    echo "Service restart failed" >&2
    exit 1
fi

If you need to permanently set this parameter, edit /etc/sysctl.conf:

# Add or modify this line
kernel.suid_dumpable = 0

# Apply changes without a reboot
sysctl -p

If this message is causing issues:

  • Check all scripts running before yours with grep -r "suid_dumpable" /etc/
  • Audit systemd unit files for the service you're restarting
  • Inspect security policies that might affect core dump behavior
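Both sets of instructions above end with "add kernel.suid_dumpable = 0 to /etc/sysctl.conf and run sysctl -p". Done by hand repeatedly, that leaves duplicate or contradictory lines, and the last one wins silently. The script below is an added example, not code from the original page: it pins the key in a sysctl drop-in idempotently and then confirms the running kernel agrees. The drop-in file name and the function names are assumptions; /etc/sysctl.d/ being read by sysctl --system holds on Red Hat 7 and later.

```shell
#!/bin/bash
# Added example (hypothetical helper names): pin a sysctl key in a drop-in
# file without leaving stale lines behind, then verify the live value.

# key_regex KEY -> KEY with dots escaped for use in a regular expression
key_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_sysctl_line FILE KEY VALUE
#   replaces every existing line for KEY (commented out or not) with one
#   "KEY = VALUE" line; other keys in FILE are left untouched
set_sysctl_line() {
    local file="$1" key="$2" value="$3" re tmp
    re="$(key_regex "$key")"
    tmp="$(mktemp)" || return 1
    if [ -f "$file" ]; then
        # grep -v exits 1 when nothing is left, which is not an error here
        grep -v -E "^[[:space:]]*#?[[:space:]]*${re}[[:space:]]*=" "$file" > "$tmp" || true
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    chmod 0644 "$tmp" && mv "$tmp" "$file"
}

# get_sysctl_line FILE KEY -> value recorded for KEY; the last active line
#   wins, which is also how sysctl reads the file
get_sysctl_line() {
    local re
    re="$(key_regex "$2")"
    sed -n -E "s/^[[:space:]]*${re}[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\1/p" "$1" | tail -n 1
}

# count_key_lines FILE KEY -> number of active (uncommented) lines defining KEY
count_key_lines() {
    local re
    re="$(key_regex "$2")"
    grep -c -E "^[[:space:]]*${re}[[:space:]]*=" "$1"
}

# apply_and_verify FILE KEY VALUE
#   writes the drop-in, loads it with `sysctl -p FILE` and compares the
#   live value (needs root; only invoked with --apply)
apply_and_verify() {
    local file="$1" key="$2" value="$3"
    set_sysctl_line "$file" "$key" "$value" || return 1
    sysctl -p "$file" >/dev/null || return 1
    [ "$(sysctl -n "$key")" = "$value" ]
}

if [ "${1:-}" = "--apply" ]; then
    apply_and_verify /etc/sysctl.d/99-suid-dumpable.conf kernel.suid_dumpable 0
fi
```

The verification step matters because a later file in /etc/sysctl.d/ or a service that sets the parameter at startup, as the text above mentions, can still override the drop-in; comparing sysctl -n against the intended value catches that instead of trusting the edit.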