wtmp and setuid gone mad..
hi
i tried to post this this morning, but it never made it.
i have a diskless cluster.. uses kernel nfs and etherboot. there is only
one copy of the kernel but a separate root directory for each node...
all served up by one machine (only one with a disk).
from /var/log:
-rw-r----- 1 root adm 466257 Nov 12 06:30 setuid.today
-rw-r----- 1 root adm 2059982 Oct 8 06:26 setuid.yesterday
snip<
-rw-rw-r-- 1 root utmp 8640384 Nov 17 2002 wtmp
-rw-rw-r-- 1 root utmp 14795136 Nov 17 06:26 wtmp.1
setuid.* is full of messages from *every* device in /dev...
wtmp had login messages by the thousands from each of the tty devices:
the kind you get with ctrl/alt/f2...not the serial ports.
i only discovered this when the log messages ran the server node out of
disk space.
a few of the nodes are not doing this: the nfs serving host and a new
node i added last week. all the nodes were re-started last week with a
fresh copy of their root directory.
i'd be very grateful for a clue to follow. i am not really familiar
with all the logging procedure. man wtmp reveals that the records are
created and updated by the login process. man setuid is talking
about the system function and does not mention logging and how it is
done.
thanks in advance
dave
--
Dave Mallery, K5EN (debian testing & woody)
PO Box 520 .~. _ Ramah, NM 87321
/V\ -o)
no gates... /( )\ /\\ running Debian GNU/Linux
no windows! ^^^^^ _\_v free at last!
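An added example, not part of the original post: a small Python reader that tallies wtmp records per tty line and record type, to show which lines are producing the entries. It assumes the 384-byte Linux/glibc struct utmp layout with 32-bit time fields (both wtmp sizes listed above are exact multiples of 384); the function names and the sample records are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Assumed layout: Linux/glibc struct utmp with 32-bit time fields, 384 bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
         6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_wtmp(data):
    """Yield (type_name, pid, line, user, tv_sec) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for rec in UTMP.iter_unpack(data[:usable]):
        ut_type, pid, line, _id, user, _host, _t, _e, _sess, sec, _us, _addr = rec
        yield TYPES.get(ut_type, str(ut_type)), pid, cstr(line), cstr(user), sec

def tally(data):
    """Count records per (tty line, record type)."""
    return Counter((line, kind) for kind, _p, line, _u, _s in parse_wtmp(data))

def busy_lines(data, threshold):
    """Return the lines that have at least `threshold` records of any type."""
    per_line = Counter()
    for (line, _kind), n in tally(data).items():
        per_line[line] += n
    return sorted(line for line, n in per_line.items() if n >= threshold)

def make_record(ut_type, pid, line, user, sec):
    """Pack one constructed record (used only for the sample below)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, sec, 0, b"")

# Constructed sample, not data from the post: one boot record, three
# start/exit pairs on tty2, one login on tty1, and a truncated 10-byte tail.
SAMPLE = b"".join(
    [make_record(2, 0, "~", "reboot", 1037500000)]
    + [make_record(kind, 400 + i, "tty2", "LOGIN" if kind == 6 else "",
                   1037500010 + i) for i in range(3) for kind in (6, 8)]
    + [make_record(7, 512, "tty1", "dave", 1037500100)]
) + b"\0" * 10

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for (line, kind), n in tally(data).most_common(10):
        print(f"{n:8d}  {line:<8} {kind}")
```

Run with a path such as /var/log/wtmp.1 as the only argument to tally a real file; with no argument it prints the tally for the constructed sample.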