Description of problem: With a Raw Hide install I'm getting spam in /var/log/secure like: Mar 21 09:44:23 trash sshd[12324]: Accepted publickey for jorton from ::ffff:172.16.18.90 port 42150 ssh2 Mar 21 09:44:23 trash sshd[12324]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory Mar 21 09:44:23 trash sshd[12324]: lastlog_openseek: /var/log/lastlog is not a file or director Version-Release number of selected component (if applicable): openssh-3.9p1-12
This is a regression caused by the fix for bug 139539 in the setup package. I don't think this is a sshd bug, for example the login binary doesn't work well with missing lastlog file too (it won't create the file, so the last login information is lost). I'd suggest touching the lastlog file in the post install script of the setup package if it has to be %ghost and not %config.
This is *theoretically* created by useradd; did the behavior change there?
If it changed it is not a recent change - on a FC3 box: root@perun:~# ls -l /var/log/lastlog -r-------- 1 root root 146584 Mar 23 09:04 /var/log/lastlog root@perun:~# rm /var/log/lastlog rm: remove regular file `/var/log/lastlog'? y root@perun:~# useradd testuser2 root@perun:~# ls -l /var/log/lastlog ls: /var/log/lastlog: No such file or directory
Unfortunately, setup *cannot* have prereqs, as it would create an unsolvable dependency loop. So, the creation would have to be somewhere else. :/ Candidates are shadow-utils, sysklogd, logrotate, util-linux... ?
I vote for util-linux then as login is a part of the package. Should the util-linux package also own the file as %ghost?
If it creates it, probably.
The login doesn't create /var/log/lastlog :-( I don't know how many programs write something to the 'lastlog', but I think each program that write something to 'lastlog' have to use something like: open(PATH_LASTLOG, O_RDWR | O_CREATE, 0) ^^^^^^^^^ Or is there any reason why only (any) install script should be create it? IMHO it's important file and it should be created always when it missing in system.
Well, the messages from sshd are from the portions that simply read it to get the last login time. I suppose you could argue that they could be silenced in that case, but I don't think making the file is correct there.
*** Bug 152635 has been marked as a duplicate of this bug. ***