How do I permanently delete /var/log/lastlog?
Posted by GregB on Super User
Published on 2012-04-10T21:10:02Z
My /var/log/lastlog file is huge. I know it's really only a few kilobytes, but tar isn't smart enough to know that, so when I image a virtual machine, my restore fails because it thinks I'm trying to load more data than I have capacity on my disk.
I want to delete /var/log/lastlog and stop any and all logging to the file. I'm aware of the security implications. This logging needs to stop to preserve my backup strategy.
I've made a change to /etc/pam.d/login which I was told would disable logging to /var/log/lastlog, but it does not appear to work as /var/log/lastlog keeps growing.
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
#session optional pam_lastlog.so
Any ideas?
EDIT
For anyone interested, I use Centrify Express to authenticate my users via LDAP. Centrify Express is "free", but one of the drawbacks is that I can't manage user UIDs via LDAP, so they are given a dynamic UID when they log in to a server. Centrify picks some crazy high UID values (so they don't conflict with local users on the server, presumably). /var/log/lastlog is indexed by UID, and grows to accommodate the largest UID on the system. This means that when a Centrify user logs in, they get a UID in the upper end of the UID range, which causes lastlog to allocate an obscene amount of space, according to the file system.
~$ ll /var/log/lastlog
-rw-rw-r-- 1 root root 291487675780 Apr 10 16:37 /var/log/lastlog
~$ du -h /var/log/lastlog
20K /var/log/lastlog
More info: Sparse Files
© Super User or respective owner
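
Added example (not part of the original post): the UID-indexed, sparse layout described in the question, in Python. It assumes the 292-byte glibc `struct lastlog` record used on x86-64 Linux, which the 291487675780-byte size shown in the post divides by exactly; `make_sample` and the login values it writes are constructed for illustration.

```python
import errno, os, struct, tempfile

# Assumed layout: glibc struct lastlog on x86-64 Linux
# (int32 ll_time, char ll_line[32], char ll_host[256]); slot N belongs to UID N.
RECORD = struct.Struct("<i32s256s")  # 292 bytes

def highest_uid(apparent_size):
    """UID of the last slot implied by the file's apparent size."""
    return apparent_size // RECORD.size - 1

def sizes(path):
    """(apparent bytes, allocated bytes); st_blocks is in 512-byte units."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512

def entries(path):
    """Yield (uid, time, tty, host) for populated slots, skipping holes."""
    fd = os.open(path, os.O_RDONLY)
    try:
        end, off = os.fstat(fd).st_size, 0
        while off + RECORD.size <= end:
            try:
                off = os.lseek(fd, off, os.SEEK_DATA)  # jump over the hole
            except OSError as exc:
                if exc.errno == errno.ENXIO:  # nothing but a hole remains
                    return
                raise
            off -= off % RECORD.size  # align down to a slot boundary
            raw = os.pread(fd, RECORD.size, off)
            if len(raw) < RECORD.size:
                return
            when, tty, host = RECORD.unpack(raw)
            if when:  # ll_time == 0 means "never logged in"
                yield (off // RECORD.size, when,
                       tty.rstrip(b"\0").decode(), host.rstrip(b"\0").decode())
            off += RECORD.size
    finally:
        os.close(fd)

def make_sample(path, uid, when=1334090220):
    """Constructed sample: a single login record at a high UID."""
    with open(path, "wb") as f:
        f.seek(uid * RECORD.size)
        f.write(RECORD.pack(when, b"pts/0", b"192.0.2.10"))

if __name__ == "__main__":
    print("highest UID for the size in the post:", highest_uid(291487675780))
    path = os.path.join(tempfile.mkdtemp(), "lastlog")
    make_sample(path, 200000)
    print(sizes(path), list(entries(path)))
```

Pointing `sizes()` and `entries()` at a real /var/log/lastlog reproduces the `ll` versus `du` gap shown in the post and lists only the UIDs that have actually logged in.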