login.defs: Add LASTLOG_UID_MAX variable to limit lastlog to small uids. #142
Conversation
As the large uids are usually provided by remote user identity and authentication service, which also provide user login tracking, there is no need to create a huge sparse file for them on every local machine.
|
If this is accepted, I will add the support also to pam_lastlog. |
|
Cool, I'm going to support this feature in util-linux login.c too. |
|
Ping @hallyn, what do you think about this? |
|
Seems reasonable to me, thanks. |
|
Well, but let me ask - would it seem more conservative to make the default, if the variable is unspecified, be 4294967295, i.e. so noone's behavior changes by default, then distros/packages can be encouraged to ship 99999 as the default in their default login.defs? |
|
It works for me either way. If this conservative approach is preferred by you, please tell me and I will update the patch. |
|
I've come to conclusion that the conservative approach is the right one. Pushed fixup commit. |
|
Thanks. |
|
this got now merged with |
|
Oh, in general I prefer for the submitter to do the git rebase. I don't like to mangle other people's submissions, though maybe I should... It's only been a few hours, I can rebase and force-push if you far prefer. |
|
The fixup commits purpose is to be autosquashed, so please do. |
|
Hm, never heard of those, though I see they are nowhere near new. |
This new variable allows to keep lastlog file small and filter out things like huge nfsnobody UIDs. The variable is also supported by shadow-utils (adduser, etc.). Addresses: shadow-maint/shadow#142 Signed-off-by: Karel Zak <kzak@redhat.com>
As the large uids are usually provided by remote user identity and
authentication service, which also provide user login tracking,
there is no need to create a huge sparse file for them on every local
machine.