Bug 167200 - finger reports "never logged in" if run as non-root
finger reports "never logged in" if run as non-root
Product: Fedora
Classification: Fedora
Component: finger (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Radek Vokal
Mike McLean
Depends On:
  Show dependency treegraph
Reported: 2005-08-31 10:53 EDT by Wayne Pollock
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-06 21:38:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Wayne Pollock 2005-08-31 10:53:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

Description of problem:
"finger user" reports "user" never logged in, when in fact they have.  If finger is run as root, it reports last login correctly (sanitized output):
$ finger user
Login: user                             Name: (null)
Directory: /home/user                   Shell: /bin/bash
Never logged in.
No mail.
No Plan.
$ last user
user     pts/2        XXX Mon Aug 29 20:31 - 20:48  (00:17)
user     pts/0        YYY Mon Aug 29 16:56 - 16:56  (00:00)
lea00    pts/0        YYY Mon Aug 29 16:55 - 16:55  (00:00)
lea00    pts/0        YYY Mon Aug 29 16:54 - 16:55  (00:00)

wtmp begins Tue Aug  2 13:57:36 2005
$ su
# finger user
Login: user                             Name: (null)
Directory: /home/user                   Shell: /bin/bash
Last login Mon Aug 29 20:31 (EDT) on pts/2 from XXX
No mail.
No Plan.

# ls -l /var/log/wtmp
-rw-rw-r--  1 root utmp 158976 Aug 31 10:36 /var/log/wtmp
# lsattr /var/log/wtmp
------------- /var/log/wtmp
# getsebool -a |egrep 'wtmp|finger'
fingerd_disable_trans --> inactive
# ls -Z /var/log/wtmp
-rw-rw-r--  root     utmp     system_u:object_r:wtmp_t         /var/log/wtmp
# egrep 'wtmp|finger' /var/log/audit/*

(note how non-root users can use "last"!  Thus I don't think this is a wtmp security issue?)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. finger user
3.finger user

Actual Results:  non-root users can't see last login time with finger

Expected Results:  non-root users should show correct times, as reported by last

Additional info:
Comment 1 Radek Vokal 2005-09-01 10:48:03 EDT
Finger gets information about last login from /var/log/lastlog which is not user
readable. That's why user can't see any information. On the other hand, `last`
uses /var/log/wtmp which is word readable. I'm not quite sure why the
permissions on these two files differ. 
Comment 3 Wayne Pollock 2005-09-01 11:14:27 EDT
Not only are the permissions wrong (since at least FC2), but the file is
never rotated!  Like wtmp it isn't owned by any package, although this is
# rpm -qf /var/log/lastlog
# rpm -qf /var/log/wtmp

I have made the following fixes, I suggest they be adopted:

(1) chmod a+r /var/log/lastlog

(2) Added the following to the end of /etc/logrotate.conf:

/var/log/lastlog {
    size 10M
    create 0644 root root

(3)  Fix the finger man page to show this file in the FILES section, and add the
"lastlog" command to the "SEE ALSO" section.
Comment 4 Bill Nottingham 2005-09-01 13:22:46 EDT
lastlog shouldn't be rotated! It's not a log file as such.
Comment 6 Wayne Pollock 2005-09-01 13:36:11 EDT
???  Then what stops this file from growing to fill the disk?

wtmp isn't a log file either, but it does get rotated, so
I figure what's good enough for wtmp should be good enough
for lastlog!

And, did you notice it appears to be "owned" by two different
packages?  I meant to suggest fixing that too, as (4).
Comment 7 Bill Nottingham 2005-09-01 14:01:48 EDT
lastlog will never grow beyond a fixed size, which is relative to the highest
user  id on the system. (And, it's a sparse file, so it normally doesn't take up
significant space anyway.
Comment 17 Fedora Update System 2005-09-06 21:06:54 EDT
From User-Agent: XML-RPC

util-linux-2.12p-9.9 setup-2.5.44-1.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.