Bruce Dubbs wrote:
Jack Brown wrote:

Hi,

I'm curious why we don't create a /var/log/faillog file when we create the other log files for shadow. I've been using it on my own system for quite a while and it seems to work fine with login from shadow.

I'm also wondering if I should be making my faillog writable by the utmp group. I browsed through the archives a bit but I couldn't find any rationale for why some log files are chgrp'ed while others are not.

On my own system the only other file that belongs to the utmp group is /usr/libexec/gnome-pty-helper (vte complains during make install if the utmp group isn't present). From what I've read in other places on the web, it seems like in order to use the utmp group, executables which expect to be able to write to utmp, etc., need to be setgid utmp, but we never explicitly modify any programs to make use of this in LFS or BLFS.


It can be a security problem. Sometimes users type in their password when the system is asking for a username. Then passwords get logged without encryption. If you want to log failures, you can set up PAM to do it.

  -- Bruce


Well, we do log failures in /var/log/btmp, and when I run the faillog command it only lists failed logins by recognised users. lastb does report the logins by unrecognised users, but just lists them as unknown. Also, without the log file, the faillog command which we do install as part of the base system (as part of a PAM-less shadow) will not work.


Jack Brown