Red Hat Bugzilla – Bug 167200
finger reports "never logged in" if run as non-root
Last modified: 2007-11-30 17:11:12 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 Description of problem: "finger user" reports "user" never logged in, when in fact they have. If finger is run as root, it reports last login correctly (sanitized output): $ finger user Login: user Name: (null) Directory: /home/user Shell: /bin/bash Never logged in. No mail. No Plan. $ last user user pts/2 XXX Mon Aug 29 20:31 - 20:48 (00:17) user pts/0 YYY Mon Aug 29 16:56 - 16:56 (00:00) lea00 pts/0 YYY Mon Aug 29 16:55 - 16:55 (00:00) lea00 pts/0 YYY Mon Aug 29 16:54 - 16:55 (00:00) wtmp begins Tue Aug 2 13:57:36 2005 $ su Password: # finger user Login: user Name: (null) Directory: /home/user Shell: /bin/bash Last login Mon Aug 29 20:31 (EDT) on pts/2 from XXX No mail. No Plan. # ls -l /var/log/wtmp -rw-rw-r-- 1 root utmp 158976 Aug 31 10:36 /var/log/wtmp # lsattr /var/log/wtmp ------------- /var/log/wtmp # getsebool -a |egrep 'wtmp|finger' fingerd_disable_trans --> inactive # ls -Z /var/log/wtmp -rw-rw-r-- root utmp system_u:object_r:wtmp_t /var/log/wtmp # egrep 'wtmp|finger' /var/log/audit/* # (note how non-root users can use "last"! Thus I don't think this is a wtmp security issue?) Version-Release number of selected component (if applicable): finger-0.17-28 How reproducible: Always Steps to Reproduce: 1. finger user 2.su 3.finger user Actual Results: non-root users can't see last login time with finger Expected Results: non-root users should show correct times, as reported by last Additional info:
Finger gets information about last login from /var/log/lastlog which is not user readable. That's why user can't see any information. On the other hand, `last` uses /var/log/wtmp which is word readable. I'm not quite sure why the permissions on these two files differ.
Not only are the permissions wrong (since at least FC2), but the file is never rotated! Like wtmp it isn't owned by any package, although this is interesting: # rpm -qf /var/log/lastlog setup-2.5.33-1 shadow-utils-4.0.3-55 # rpm -qf /var/log/wtmp initscripts-7.55.2-1 I have made the following fixes, I suggest they be adopted: (1) chmod a+r /var/log/lastlog (2) Added the following to the end of /etc/logrotate.conf: /var/log/lastlog { size 10M create 0644 root root } (3) Fix the finger man page to show this file in the FILES section, and add the "lastlog" command to the "SEE ALSO" section.
lastlog shouldn't be rotated! It's not a log file as such.
??? Then what stops this file from growing to fill the disk? wtmp isn't a log file either, but it does get rotated, so I figure what's good enough for wtmp should be good enough for lastlog! And, did you notice it appears to be "owned" by two different packages? I meant to suggest fixing that too, as (4).
lastlog will never grow beyond a fixed size, which is relative to the highest user id on the system. (And, it's a sparse file, so it normally doesn't take up significant space anyway.
From User-Agent: XML-RPC util-linux-2.12p-9.9 setup-2.5.44-1.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.