On Tue, 2021-04-13 at 15:26 +0200, Chris Hofstaedtler wrote: > This will then silently hide login failures from userids larger than > this ID? Given the original submitter has a user with uid 379400000, > why whould this not be logged? > > If they didn't want those uids to be used, maybe dont assign them? > > Chris
I think login.defs(5) says it best: "As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them." The design of the lastlog format means you either have an apparantly huge (sparse) file, which causes problems for badly written backup software, or you don't record information for users with high UIDs in this file at all. In any case, it looks like OpenSSH has its own code to read/write to /var/log/lastlog, rather than using pam_lastlog, so in any case changing login.defs wouldn't be sufficient. -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
signature.asc
Description: This is a digitally signed message part