diff options
author | Karel Zak | 2013-10-21 14:27:30 +0200 |
---|---|---|
committer | Karel Zak | 2013-10-21 14:27:30 +0200 |
commit | d0c10f7df935b2c222b168fffdf68d25adef9739 (patch) | |
tree | fa64041ab3cd673fa151ef459d5de0932de09a7a /login-utils/su.1 | |
parent | po: merge changes (diff) | |
download | kernel-qcow2-util-linux-d0c10f7df935b2c222b168fffdf68d25adef9739.tar.gz kernel-qcow2-util-linux-d0c10f7df935b2c222b168fffdf68d25adef9739.tar.xz kernel-qcow2-util-linux-d0c10f7df935b2c222b168fffdf68d25adef9739.zip |
su: add info about pam_lastlog to su.1
References: https://bugzilla.redhat.com/show_bug.cgi?id=1021108
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/su.1')
-rw-r--r-- | login-utils/su.1 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/login-utils/su.1 b/login-utils/su.1 index 1d8176218..55c0b8bac 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -226,6 +226,20 @@ command specific logindef config file /etc/login.defs global logindef config file .PD 1 +.SH NOTES +For security reasons +.B su +always logs failed log-in attempts to the btmp file, but it does not write to +the lastlog file at all. This solution allows to control +.B su +behavior by PAM configuration. If you want to use the pam_lastlog module to +print warning message about failed log-in attempts then the pam_lastlog has to +be configured to update lastlog file too. For example by: + +.RS +.br +session required pam_lastlog.so nowtmp +.RE .SH "SEE ALSO" .BR runuser (8), .BR pam (8), |