pam_unix generates a lot of open/close sessions for my domain user

I setup a new VPS with ubuntu 18.04, including virtualmin/usermin. In auth.log I see a lot of

su[12936]: Successful su for domain by root
su[12936]: + ??? root:domain 
systemd-logind[148]: New session c315 of user domain .
su[12936]: pam_unix(su:session): session opened for user domain by (uid=0)
su[12936]: pam_unix(su:session): session closed for user domain 

in syslog, I see a lot of

systemd[1]: Started Session c314 of user domain.
systemd[1]: Started Session c315 of user domain.

domain is the user of my virtual server defined in the VPS. c314/c315 increased by 1 each time... It used to appear every 2-3 minutes, now it's every 5 minutes.

Reading on the internet about this, all the "solutions" were how to remove this logging from the log but nothing was explaining what are all those open/close sessions in the first place.

Also, when running loginctl list-sessions those sessions are accumulated in "active=yes" and "state=closing" mode and never disappear from the list. At the moment there are 95 such sessions.

What is happening on my VPS, who is opening/closing sessions so many times and why? Also, why those sessions never disappear from the sessions list?

Thanks

update

loginctl session-status c315
c315 - domain (1000)
           Since: Sat 2020-02-08 20:27:08 UTC; 23h ago
          Leader: 12936
             TTY: ???
          Remote: user root
         Service: su; type tty; class user
           State: closing
            Unit: session-c315.scope

Unit user-1000.slice (/user.slice/user-1000.slice):
└─session-2691929.scope
├─19035 sshd: domain [priv]
├─19051 sshd: domain@pts/0
├─19052 -bash
├─20124 sudo systemd-cgls -u user-1000.slice
├─20125 systemd-cgls -u user-1000.slice
└─20126 pager

Here is the source! cloudmin.com/node/54674 question remains about why session remain open....

w/who show only my own session but loginctl list-sessions shows 652 (and counting) sessions... what are those sessions in loginctl list-sessions?

oh, one more thing: I connected as root using ssh, exited and re-connected with root and waited. Both sessions were in loginctl list-sessions....

what do you mean by "keep a root shell active"? I understand that the change simply won't list those sessions, it won't really "fix" the problem itself, right?

I mean: keep a shell running as root open, not just a shell that can sudo or su to root, because breaking PAM will stop you from becoming root again. The second workaround will stop the creation of systemd-logind sessions, it doesn't fix what's wrong with those already created.

Virtualmin has a reason for opening those sessions and I prefer not to break them without knowing what I'm doing. I posted a question in virtualmin forum, but it's the community so I hope I will get some answers

Virtualmin just wants to execute a command, (openssl according to your link), it doesn't need any kind of session. A session is just a way to keep common processes together.

I admit that I'm a bit afraid of doing that, that's a production server...

I got a test vps, installed centos7 + virtualmin and I see 9 sessions, 7 of them are of the domain user, 2 of root. There is no increase over time but those 9 are there with no intention to go away. I see a session created for root (not for the domain user!) every 5 minutes but it’s not on the list. I wonder if it’s a bug with ubuntu 18.04.4 or a switch I forgot to turn on or off. ssh sessions also remain in the list for good. I setup this vps quickly to test it and not the comprehensive setup I did with my real VPS.

After several hours I have 14 sessions in the list (5 new are of root and not the domain user). I remind you that this is one difference from ubuntu, the open/close was of root and not of the domain user. Looks like the issue is happening also with centos but with much less effect. The question remains whether it's an ubuntu problem or a setting of some kind.

The question is whether those sessions contain processes or are empty.

I'm back to my server, will a pstree -p output help here?