login: add support for login.defs(5) LASTLOG_UID_MAX

This new variable allows to keep lastlog file small and filter out things like huge nfsnobody UIDs. The variable is also supported by shadow-utils (adduser, etc.). Addresses: https://github.com/shadow-maint/shadow/pull/142/ Signed-off-by: Karel Zak <kzak@redhat.com>
2019-01-11 12:16:00 +01:00 · 2019-01-11 12:16:00 +01:00 · 1a83c00d88
parent 623427456e
commit 1a83c00d88
2 changed files with 14 additions and 0 deletions
--- a/login-utils/login.1
+++ b/login-utils/login.1
@ -256,6 +256,17 @@ to change directory to her home.  The default value is
 .IR yes .
 .RE
 .PP
+.B LASTLOG_UID_MAX
+(unsigned number)
+.RS 4
+Highest user ID number for which the lastlog entries should be
+updated.  As higher user IDs are usually tracked by remote user
+identity and authentication services there is no need to create
+a huge sparse lastlog file for them.  No LASTLOG_UID_MAX option
+present in the configuration means that there is no user ID limit
+for writing lastlog entries.
+.RE
+.PP
 .B LOG_UNKFAIL_ENAB
 (boolean)
 .RS 4
--- a/login-utils/login.c
+++ b/login-utils/login.c
@ -503,6 +503,9 @@ static void log_lastlog(struct login_context *cxt)
 	if (!cxt->pwd)
 		return;

+	if (cxt->pwd->pw_uid > (uid_t) getlogindefs_num("LASTLOG_UID_MAX", ULONG_MAX))
+		return;
+
 	/* lastlog is huge on systems with large UIDs, ignore SIGXFSZ */
 	memset(&sa, 0, sizeof(sa));
 	sa.sa_handler = SIG_IGN;