On Feb 14, 2012, at 6:25 AM, Andrew Benton wrote:
> On Mon, 13 Feb 2012 16:53:25 -0800
> Qrux <[email protected]> wrote:
>
>> "Empirical" testing shows that login writes to btmp. I infer, from that
>> description given at TLDP, that everything that logs a bad-login attempt
>> (e.g., login) ought to be writing to this file. It is NOT an SSH-specific
>> thing.
>
> You appear to be wrong. login writes to /var/log/wtmp,
> not /var/login/btmp
This is from /etc/login.defs:
=====================================================================
xlapp [/var/log] # grep FTMP_FILE /etc/login.defs
FTMP_FILE /var/log/btmp
=====================================================================
This is from src/login.c in the shadow package.
=====================================================================
if (getdef_str ("FTMP_FILE") != NULL) {
#ifdef USE_UTMPX
struct utmpx *failent =
prepare_utmpx (failent_user,
tty,
/* FIXME: or fromhost? */hostname,
utent);
#else /* !USE_UTMPX */
struct utmp *failent =
prepare_utmp (failent_user,
tty,
hostname,
utent);
#endif /* !USE_UTMPX */
failtmp (failent_user, failent);
free (failent);
}
=====================================================================
Are you *sure* that login doesn't write to /var/log/btmp? Did you try your
test before or after you changed the permissions on btmp?
Q
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
