Defines the last login attributes for users.
The /etc/security/lastlog file is an ASCII file that contains stanzas with the last login attributes for users. Each stanza is identified by a user name and contains attributes in the Attribute=Value form. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character.
Each stanza can have the following attributes:
time_last_login | Specifies the number of seconds since the epoch (00:00:00 GMT, January 1, 1970) since the last successful login. The value is a decimal integer. |
tty_last_login | Specifies the terminal on which the user last logged in. The value is a character string. |
host_last_login | Specifies the host from which the user last logged in. The value is a character string. |
unsuccessful_login_count | Specifies the number of unsuccessful login attempts since the last
successful login. The value is a decimal integer. This attribute works in
conjunction with the user's loginretries attribute, specified in the /etc/security/user file, to lock the user's account after a specified
number of consecutive unsuccessful login attempts. Once the user's account
is locked, the user will not be able to log in until the system administrator
resets the user's unsuccessful_login_count attribute to be less than the value
of loginretries. To do this, enter the following:
chsec -f /etc/security/lastlog -s username -a \ unsuccessful_login_count=0 |
time_last_unsuccessful_login | Specifies the number of seconds since the epoch (00:00:00 GMT, January 1, 1970) since the last unsuccessful login. The value is a decimal integer. |
tty_last_unsuccessful_login | Specifies the terminal on which the last unsuccessful login attempt occurred. The value is a character string. |
host_last_unsuccessful_login | Specifies the host from which the last unsuccessful login attempt occurred. The value is a character string. |
All user database files should be accessed through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.
The mkuser command creates a user stanza in the lastlog file. The attributes of this user stanza are initially empty. The field values are set by the login command as a result of logging in to the system. The lsuser command displays the values of these attributes; the rmuser command removes the user stanza from this file, along with the user account.
Access Control: This command should grant read (r) access to the root user, members of the security group, and others consistent with the security policy for the system. Only the root user should have write (w) access.
A typical stanza is similar to the following example for user bck:
bck: time_last_unsuccessful_login = 732475345 tty_last_unsuccessful_login = tty0 host_last_unsuccessful_login = waterski unsuccessful_login_count = 0 time_last_login = 734718467 tty_last_login = lft/0 host_last_login = waterski
/etc/security/lastlog | Specifies the path to the lastlog file. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic attributes of users. |
/etc/security/passwd | Contains password information. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/limits | Contains the process resource limits of users. |
The login command, lsuser command, mkuser command, rmuser command, su command.
The getuserattr subroutine, putuserattr subroutine.