
Re: Eumongoid lastlog file



Bob,

First, a 10k (actual) lastlog isn't a great burden to go forward with.

Second, if you do decide to eliminate qmail (btw, it creates 7 users:
alias, qmaild, qmaill, qmailp, qmailq, qmailr and qmails) you might want
to run

dpkg --status qmail

to make sure it's not installed as your mail-transport-agent (MTA). If
it's not installed, then probably the qmail users are just leftovers
from a broken or partially removed qmail install.

Also, try running

dpkg --status sendmail

to see if the most likely other MTA is installed. You'll need some MTA
installed to transport mail on your system.

Then, _maybe_ AYOR, 'userdel' the qmail users, or perhaps better run

dpkg --purge qmail

But still check /etc/passwd to see if the qmail guys are gone.

_However_, let /var/log/lastlog take care of itself. Also,
/var/log/faillog which shows the same odd behavior. They may not
automatically regenerate themselves if you rm them, and they are logs
you want to be able to check if you think your security may have been
breached (even though experienced crackers will diddle with them to
cover their tracks).

If I sound like I 'know-it-all', Bob, I don't. It was only about a month
ago I posted to this list with the subject line:

"Help! my /var/log/lastlog's as big as Canarsie!"

and Miquel van Smoorenburg set me on the path to exploring the mysteries
of what he termed Unix's 'sparse files'.

The inflated results from 'ls -l' still won't go away even if you delete
the high UID users, but they should diminish. For instance, on my Red
Hat box where the highest UID is 527, 'ls -l /var/log/lastlog' shows a
153952 filesize and 'du -k /var/log/lastlog' shows actual disk usage at
4k, a 38.5 to 1 inflation.

As they say in Wonderland, "Curiouser and curiouser!", hey?

montefin 




Bob Bernstein wrote:
> 
> montefin <montefin@finux.com> wrote:
> 
> > Is it possible you have an application like qmail which Debian requires
> > to have exceptionally high numbered UID's? Like say upwards of 65000?
> > /etc/passwd will show you your UID range.
> 
> You would have won that bet too: <g>
> 
> alias:x:70:65534:qmail alias:/var/qmail/alias:/bin/sh
> qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
> 
> Funny thing, I don't ever remember installing qmail; otoh this box probably
> goes back through a series of upgrades and drive copying to bo or hamm...
> 
> Can I dump those two passwd entries, and delete the lastlog so it'll start
> over, or shouldn't I worry about it? (Seeing that I haven't noticed it in the
> several years there's been Debian on this machine, I wonder why even ask!)
> 
> --
> Bob Bernstein                  http://www.ruptured-duck.com
>
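
Added example, not part of the original messages: a shell demonstration of the sparse-file effect described above, in which a lastlog-style file indexed by UID looks large to 'ls -l' while 'du -k' shows little disk use. It assumes 292-byte records (struct lastlog on Linux/glibc); the function names and the "highuid" passwd entry are constructed for illustration, and nothing under /var/log is touched.

```shell
#!/bin/sh
# Added example: why 'ls -l' and 'du -k' disagree about a lastlog-style file.
# Assumption: one fixed-size record per UID, 292 bytes each (struct lastlog on Linux/glibc).
REC_SIZE=292

# Highest numeric UID (field 3) in a passwd-format file.
max_uid() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 > m { m = $3 + 0 } END { print m + 0 }' "$1"
}

# Apparent size the file has when its last record belongs to UID $1.
expected_size() {
    echo $(( ($1 + 1) * REC_SIZE ))
}

# Size as 'ls -l' reports it (bytes) and as 'du -k' reports it (k on disk).
apparent_bytes() { ls -ln "$1" | awk '{ print $5 }'; }
allocated_kb()   { du -k "$1" | awk '{ print $1 }'; }

# Write a single record in the slot for UID $2, leaving a hole before it.
make_lastlog_like() {
    dd if=/dev/zero of="$1" bs="$REC_SIZE" seek="$2" count=1 2>/dev/null
}

# Demo on constructed data in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed passwd sample: the two entries quoted in the thread
    # plus a made-up high-UID entry.
    cat > "$dir/passwd" <<'EOF'
alias:x:70:65534:qmail alias:/var/qmail/alias:/bin/sh
qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
highuid:x:65534:65534:constructed entry:/nonexistent:/bin/false
EOF
    top=$(max_uid "$dir/passwd")
    make_lastlog_like "$dir/lastlog" "$top"
    echo "highest UID:   $top"
    echo "expected size: $(expected_size "$top") bytes"
    echo "ls -l size:    $(apparent_bytes "$dir/lastlog") bytes"
    echo "du -k usage:   $(allocated_kb "$dir/lastlog")k"
    rm -rf "$dir"
}
demo
```

On a filesystem that supports holes, the 'du -k' figure stays at a few k while the 'ls -l' size tracks the highest UID.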


