[ Previous | Next | Table of Contents | Index | Library Home |
Legal |
Search ]
Files Reference
Defines the last login attributes
for users.
The
/etc/security/lastlog file is an ASCII file that contains stanzas
with the last login attributes for users. Each stanza is identified by
a user name and contains attributes in the
Attribute=Value form. Each attribute
is ended by a new-line character, and each stanza is ended by an additional
new-line character.
Each stanza can have the
following attributes:
| time_last_login
| Specifies the number of seconds since the epoch (00:00:00
GMT, January 1, 1970) since the last successful login. The value is a
decimal integer.
|
| tty_last_login
| Specifies the terminal on which the user last logged in. The value
is a character string.
|
| host_last_login
| Specifies the host from which the user last logged in. The value
is a character string.
|
| unsuccessful_login_count
| Specifies the number of unsuccessful login attempts since the last
successful login. The value is a decimal integer. This attribute
works in conjunction with the user's loginretries attribute, specified in
the /etc/security/user file, to lock the user's account after
a specified number of consecutive unsuccessful login attempts. Once the
user's account is locked, the user will not be able to log in until the
system administrator resets the user's unsuccessful_login_count attribute
to be less than the value of loginretries. To do this, enter the
following:
chsec -f
/etc/security/lastlog -s username -a \ unsuccessful_login_count=0
|
| time_last_unsuccessful_login
| Specifies the number of seconds since the epoch (00:00:00
GMT, January 1, 1970) since the last unsuccessful login. The value is a
decimal integer.
|
| tty_last_unsuccessful_login
| Specifies the terminal on which the last unsuccessful login attempt
occurred. The value is a character string.
|
| host_last_unsuccessful_login
| Specifies the host from which the last unsuccessful login attempt
occurred. The value is a character string.
|
All user database files should be
accessed through the system commands and subroutines defined for this
purpose. Access through other commands or subroutines may not be
supported in future releases.
The mkuser command creates a user stanza in the
lastlog file. The attributes of this user stanza are
initially empty. The field values are set by the login command as a result of logging in to the
system. The lsuser command displays the
values of these attributes; the rmuser
command removes the user stanza from this file, along with the user
account.
Access Control: This
command should grant read (r) access to the root user, members of the security
group, and others consistent with the security policy for the system.
Only the root user should have write (w) access.
A typical stanza is similar to
the following example for user bck:
bck:
time_last_unsuccessful_login = 732475345
tty_last_unsuccessful_login = tty0
host_last_unsuccessful_login = waterski
unsuccessful_login_count = 0
time_last_login = 734718467
tty_last_login = lft/0
host_last_login = waterski
This file is part of Base
Operating System (BOS) Runtime.
| /etc/security/lastlog
| Specifies the path to the lastlog file.
|
| /etc/group
| Contains the basic attributes of groups.
|
| /etc/security/group
| Contains the extended attributes of groups.
|
| /etc/passwd
| Contains the basic attributes of users.
|
| /etc/security/passwd
| Contains password information.
|
| /etc/security/environ
| Contains the environment attributes of users.
|
| /etc/security/user
| Contains the extended attributes of users.
|
| /etc/security/limits
| Contains the process resource limits of users.
|
The login command, lsuser command, mkuser command, rmuser command, su command.
The getuserattr subroutine, putuserattr subroutine.
[ Previous | Next | Table of Contents | Index |
Library Home |
Legal |
Search ]