login: add support for login.defs(5) LASTLOG_UID_MAX
This new variable allows to keep lastlog file small and filter out
things like huge nfsnobody UIDs.
The variable is also supported by shadow-utils (adduser, etc.).
Addresses: https://github.com/shadow-maint/shadow/pull/142/
Signed-off-by: Karel Zak <kzak@redhat.com>
diff --git a/login-utils/login.1 b/login-utils/login.1
index b73eae1..084f6c9 100644
--- a/login-utils/login.1
+++ b/login-utils/login.1
@@ -256,6 +256,17 @@
.IR yes .
.RE
.PP
+.B LASTLOG_UID_MAX
+(unsigned number)
+.RS 4
+Highest user ID number for which the lastlog entries should be
+updated. As higher user IDs are usually tracked by remote user
+identity and authentication services there is no need to create
+a huge sparse lastlog file for them. No LASTLOG_UID_MAX option
+present in the configuration means that there is no user ID limit
+for writing lastlog entries.
+.RE
+.PP
.B LOG_UNKFAIL_ENAB
(boolean)
.RS 4
diff --git a/login-utils/login.c b/login-utils/login.c
index 23b62b8..ab819f1 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -503,6 +503,9 @@
if (!cxt->pwd)
return;
+ if (cxt->pwd->pw_uid > (uid_t) getlogindefs_num("LASTLOG_UID_MAX", ULONG_MAX))
+ return;
+
/* lastlog is huge on systems with large UIDs, ignore SIGXFSZ */
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
