Bug 246148 - lastlog incorrectly shows root as **Never logged in**
lastlog incorrectly shows root as **Never logged in**
Product: Fedora
Classification: Fedora
Component: sysklogd (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Peter Vrabec
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-06-28 16:21 EDT by Bruce Brackbill
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-29 08:09:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bruce Brackbill 2007-06-28 16:21:57 EDT
Description of problem:

I don't know if this is two bugs or one.
First, lastlog does NOT show in its list any users i'v added ( including me,
bruce, which i added at system installation)
Second, lastlog DOES show root user in its list, but as **Never logged in**
which is incorrect.

[root@localhost ~]$ lastlog
Username         Port     From             Latest
root                                       **Never logged in**
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
news                                       **Never logged in**
uucp                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
gopher                                     **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
vcsa                                       **Never logged in**
rpc                                        **Never logged in**
ntp                                        **Never logged in**
nscd                                       **Never logged in**
apache                                     **Never logged in**
mailnull                                   **Never logged in**
smmsp                                      **Never logged in**
sshd                                       **Never logged in**
rpcuser                                    **Never logged in**
tcpdump                                    **Never logged in**
rpm                                        **Never logged in**
dbus                                       **Never logged in**
avahi                                      **Never logged in**
torrent                                    **Never logged in**
xfs                                        **Never logged in**
haldaemon                                  **Never logged in**
gdm                                        **Never logged in**
hsqldb                                     **Never logged in**

Missing from the above list is users bruce and lisa and root shows as **Never
logged in** which is incorrect.

Furthermore, the command "last" does show login information for root, bruce and

[root@localhost ~]# last
bruce    pts/1        :0.0             Thu Jun 28 12:50   still logged in   
bruce    pts/0        :0.0             Thu Jun 28 12:27   still logged in   
bruce    pts/0        :0.0             Thu Jun 28 12:27 - 12:27  (00:00)    
bruce    :0                            Thu Jun 28 12:25   still logged in   
root     pts/0        :0.0             Thu Jun 28 12:23 - 12:25  (00:01)    
root     :0                            Thu Jun 28 12:23 - 12:25  (00:02)    
lisa   :0                            Sun Jun 10 11:48 - 11:50  (00:01)  

How reproducible:

Type lastlog at the prompt ( as root or user ) and root user incorrectly shows
as **Never logged in** and regular users are missing from the list.

Expected results:

lastlog should correctly show all users and when the users were last logged in.
Comment 1 Peter Vrabec 2007-06-29 04:40:42 EDT
I can't reproduce it. :(

# useradd foo
# lastlog | grep foo
foo                                        **Never logged in**
# passwd foo
Changing password for user foo.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# ssh foo@localhost
foo@localhost's password:
$ lastlog | grep foo
foo              pts/1    localhost.locald Fri Jun 29 12:39:09 +0400 2007

# rpm -q shadow-utils
# rpm -q fedora-release

Comment 2 Bruce Brackbill 2007-06-29 06:49:23 EDT
Peter, thanks for your quick response.

I guess I was misunderstanding how lastlog works and how it is different than
last. I incorrectly thought that a "su" or regular user login at boot would show
in lastlog.

I see now that lastlog only records remote logins from such things as sshd.  And
I had disabled sshd on this box, and had never remotely logged in.  I enabled
sshd and ssh'd into a user and the login was now displayed via lastlog just fine.

What got me going on this was the chkrootkit warning:
"Checking `z2'... user root deleted or never logged from lastlog!"

Also, it's interesting that the manpage for lastlog does not state that it logs
only remote logins and not local logins.

Comment 3 Peter Vrabec 2007-06-29 08:09:50 EDT
lastlog works also with local logins on tty1 for example.

Note You need to log in before you can comment on or make changes to this bug.