New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
login.defs: Add LASTLOG_UID_MAX variable to limit lastlog to small uids. #142
Conversation
As the large uids are usually provided by remote user identity and authentication service, which also provide user login tracking, there is no need to create a huge sparse file for them on every local machine.
If this is accepted, I will add the support also to pam_lastlog. |
Cool, I'm going to support this feature in util-linux login.c too. |
Ping @hallyn, what do you think about this? |
Seems reasonable to me, thanks. |
Well, but let me ask - would it seem more conservative to make the default, if the variable is unspecified, be 4294967295, i.e. so noone's behavior changes by default, then distros/packages can be encouraged to ship 99999 as the default in their default login.defs? |
It works for me either way. If this conservative approach is preferred by you, please tell me and I will update the patch. |
I've come to conclusion that the conservative approach is the right one. Pushed fixup commit. |
Thanks. |
this got now merged with |
Oh, in general I prefer for the submitter to do the git rebase. I don't like to mangle other people's submissions, though maybe I should... It's only been a few hours, I can rebase and force-push if you far prefer. |
The fixup commits purpose is to be autosquashed, so please do. |
Hm, never heard of those, though I see they are nowhere near new. |
This new variable allows to keep lastlog file small and filter out things like huge nfsnobody UIDs. The variable is also supported by shadow-utils (adduser, etc.). Addresses: shadow-maint/shadow#142 Signed-off-by: Karel Zak <kzak@redhat.com>
As the large uids are usually provided by remote user identity and
authentication service, which also provide user login tracking,
there is no need to create a huge sparse file for them on every local
machine.