Bug 167200

Summary: finger reports "never logged in" if run as non-root
Product: [Fedora] Fedora
Component: finger
Version: 4
Hardware: i686
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Wayne Pollock <pollock>
Assignee: Radek Vokál <rvokal>
QA Contact: Mike McLean <mikem>
CC: kzak, notting
Doc Type: Bug Fix
Last Closed: 2005-09-07 01:38:03 UTC

Description Wayne Pollock 2005-08-31 14:53:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

Description of problem:
"finger user" reports "user" never logged in, when in fact they have.  If finger is run as root, it reports last login correctly (sanitized output):
$ finger user
Login: user                             Name: (null)
Directory: /home/user                   Shell: /bin/bash
Never logged in.
No mail.
No Plan.
$ last user
user     pts/2        XXX Mon Aug 29 20:31 - 20:48  (00:17)
user     pts/0        YYY Mon Aug 29 16:56 - 16:56  (00:00)
lea00    pts/0        YYY Mon Aug 29 16:55 - 16:55  (00:00)
lea00    pts/0        YYY Mon Aug 29 16:54 - 16:55  (00:00)

wtmp begins Tue Aug  2 13:57:36 2005
$ su
Password:
# finger user
Login: user                             Name: (null)
Directory: /home/user                   Shell: /bin/bash
Last login Mon Aug 29 20:31 (EDT) on pts/2 from XXX
No mail.
No Plan.

# ls -l /var/log/wtmp
-rw-rw-r--  1 root utmp 158976 Aug 31 10:36 /var/log/wtmp
# lsattr /var/log/wtmp
------------- /var/log/wtmp
# getsebool -a |egrep 'wtmp|finger'
fingerd_disable_trans --> inactive
# ls -Z /var/log/wtmp
-rw-rw-r--  root     utmp     system_u:object_r:wtmp_t         /var/log/wtmp
# egrep 'wtmp|finger' /var/log/audit/*
#

(note how non-root users can use "last"!  Thus I don't think this is a wtmp security issue?)

Version-Release number of selected component (if applicable):
finger-0.17-28

How reproducible:
Always

Steps to Reproduce:
1. finger user
2. su
3. finger user


Actual Results:  non-root users can't see last login time with finger

Expected Results:  non-root users should show correct times, as reported by last

Additional info:

Comment 1 Radek Vokál 2005-09-01 14:48:03 UTC
Finger gets information about last login from /var/log/lastlog which is not user
readable. That's why the user can't see any information. On the other hand, `last`
uses /var/log/wtmp which is world readable. I'm not quite sure why the
permissions on these two files differ.

Comment 3 Wayne Pollock 2005-09-01 15:14:27 UTC
Not only are the permissions wrong (since at least FC2), but the file is
never rotated!  Like wtmp it isn't owned by any package, although this is
interesting:
# rpm -qf /var/log/lastlog
setup-2.5.33-1
shadow-utils-4.0.3-55
# rpm -qf /var/log/wtmp
initscripts-7.55.2-1

I have made the following fixes; I suggest they be adopted:

(1) chmod a+r /var/log/lastlog

(2) Added the following to the end of /etc/logrotate.conf:

/var/log/lastlog {
    size 10M
    create 0644 root root
}

(3)  Fix the finger man page to show this file in the FILES section, and add the
"lastlog" command to the "SEE ALSO" section.

Comment 4 Bill Nottingham 2005-09-01 17:22:46 UTC
lastlog shouldn't be rotated! It's not a log file as such.

Comment 6 Wayne Pollock 2005-09-01 17:36:11 UTC
???  Then what stops this file from growing to fill the disk?

wtmp isn't a log file either, but it does get rotated, so
I figure what's good enough for wtmp should be good enough
for lastlog!

And, did you notice it appears to be "owned" by two different
packages?  I meant to suggest fixing that too, as (4).

Comment 7 Bill Nottingham 2005-09-01 18:01:48 UTC
lastlog will never grow beyond a fixed size, which is relative to the highest
user id on the system. (And, it's a sparse file, so it normally doesn't take up
significant space anyway.)
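
Added example, not part of the original bug thread and not finger's or shadow-utils' code: a sketch of the lastlog layout discussed in Comments 1 and 7, showing why the file size is bounded by the highest UID, why it is sparse, and why an unreadable file is indistinguishable from "never logged in". It assumes the Linux glibc record layout (32-bit time, 32-byte line, 256-byte host); the UID, timestamp and host name are constructed sample values.

```python
import os
import struct
import tempfile

# Assumed layout: glibc's struct lastlog on Linux is a 32-bit login time,
# a 32-byte tty name and a 256-byte host name, one record per UID.
RECORD = struct.Struct("=i32s256s")  # 292 bytes


def write_entry(path, uid, when, line, host):
    """Store a record at offset uid * RECORD.size, skipping over lower UIDs."""
    with open(path, "r+b") as f:
        f.seek(uid * RECORD.size)
        f.write(RECORD.pack(when, line.encode(), host.encode()))


def read_entry(path, uid):
    """Return (time, line, host) for uid, or None if no usable record exists."""
    try:
        with open(path, "rb") as f:
            f.seek(uid * RECORD.size)
            raw = f.read(RECORD.size)
    except PermissionError:
        return None  # unreadable file: the caller sees "no record"
    if len(raw) < RECORD.size:
        return None  # UID lies past the end of the file
    when, line, host = RECORD.unpack(raw)
    if when == 0:
        return None  # slot is a hole (all zero bytes): never logged in
    return when, line.rstrip(b"\0").decode(), host.rstrip(b"\0").decode()


def demo():
    """Build a constructed lastlog with one entry for UID 60000."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        write_entry(path, 60000, 1125361860, "pts/2", "host.example")
        st = os.stat(path)
        return {
            "apparent": st.st_size,            # (highest UID + 1) * 292
            "allocated": st.st_blocks * 512,   # small on sparse-capable filesystems
            "uid_60000": read_entry(path, 60000),
            "uid_500": read_entry(path, 500),  # reads zeros from the hole
        }
    finally:
        os.unlink(path)
```

On a filesystem that supports sparse files, `demo()["allocated"]` is a few kilobytes while `"apparent"` is about 17 MB, which is the difference `ls -l` and `du` show for a real /var/log/lastlog.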

Comment 17 Fedora Update System 2005-09-07 01:06:54 UTC
From User-Agent: XML-RPC

util-linux-2.12p-9.9 setup-2.5.44-1.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.