login: add support for login.defs(5) LASTLOG_UID_MAX
This new variable allows to keep lastlog file small and filter out things like huge nfsnobody UIDs. The variable is also supported by shadow-utils (adduser, etc.). Addresses: https://github.com/shadow-maint/shadow/pull/142/ Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
623427456e
commit
1a83c00d88
|
@ -256,6 +256,17 @@ to change directory to her home. The default value is
|
|||
.IR yes .
|
||||
.RE
|
||||
.PP
|
||||
.B LASTLOG_UID_MAX
|
||||
(unsigned number)
|
||||
.RS 4
|
||||
Highest user ID number for which the lastlog entries should be
|
||||
updated. As higher user IDs are usually tracked by remote user
|
||||
identity and authentication services there is no need to create
|
||||
a huge sparse lastlog file for them. No LASTLOG_UID_MAX option
|
||||
present in the configuration means that there is no user ID limit
|
||||
for writing lastlog entries.
|
||||
.RE
|
||||
.PP
|
||||
.B LOG_UNKFAIL_ENAB
|
||||
(boolean)
|
||||
.RS 4
|
||||
|
|
|
@ -503,6 +503,9 @@ static void log_lastlog(struct login_context *cxt)
|
|||
if (!cxt->pwd)
|
||||
return;
|
||||
|
||||
if (cxt->pwd->pw_uid > (uid_t) getlogindefs_num("LASTLOG_UID_MAX", ULONG_MAX))
|
||||
return;
|
||||
|
||||
/* lastlog is huge on systems with large UIDs, ignore SIGXFSZ */
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sa_handler = SIG_IGN;
|
||||
|
|
Loading…
Reference in New Issue