How do I permanently delete /var/log/lastlog?

Posted by GregB on Super User See other posts from Super User or by GregB
Published on 2012-04-10T21:10:02Z Indexed on 2012/04/10 23:32 UTC
Read the original article Hit count: 253

Filed under:
|
|

My /var/log/lastlog file is huge. I know it's really only a few kilobytes, but tar isn't smart enough to know that, so when I image a virtual machine, my restore fails because it thinks I'm trying to load more data than I have capacity on my disk.

I want to delete /var/log/lastlog and stop any and all logging to the file. I'm aware of the security implications. This logging needs to stop to preserve my backup strategy.

I've made a change to /etc/pam.d/login which I was told would disable logging to /var/log/lastlog, but it does not appear to work as /var/log/lastlog keeps growing.

# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
#session    optional   pam_lastlog.so

Any ideas?

EDIT

For anyone interested, I use Centrify Express to authenticate my users via LDAP. Centrify Express is "free", but one of the drawbacks is that I can't manage user UIDs via LDAP, so they are given a dynamic UID when they login to a server. Centrify picks some crazy high UID values (so they don't conflict with local users on the server, presumably). /var/log/lastlog is indexed by UID, and grows to accommodate the largest UID on the system. This means that when a Centrify user logs in, they get a UID in the upper-end of the UID range, which causes lastlog to allocate an obscene amount of space, according to the file system.

~$ ll /var/log/lastlog
-rw-rw-r-- 1 root root 291487675780 Apr 10 16:37 /var/log/lastlog
~$ du -h /var/log/lastlog
20K     /var/log/lastlog

More Into ---> Sparse Files

© Super User or respective owner

Related posts about ubuntu

Related posts about pam