Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

deleting utmp and wtmp

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
kereberos
Posts: 67
Joined: 2011-05-23 09:12

deleting utmp and wtmp

#1 Post by kereberos »

Every time i delete the following files to avoid loggings, they come back automagically...and i don't want this to happen.

Code: Select all

       /var/log/utmp
       /var/log/wtmp
       /var/log/btmp
       /var/run/utmp
What program recreates the above files on startup? and how to stop it? i want to delete them permanently.

From man last:

Code: Select all

NOTES
       The files wtmp and btmp might not be found. The system only logs infor‐
       mation  in  these files if they are present. This is a local configura‐
       tion issue. If you want the files to be used, they can be created  with
       a simple touch(1) command (for example, touch /var/log/wtmp).
yet something runs the equivalent of "touch /var/log/wtmp /var/log/utmp" without asking and this is bad.

User avatar
phenest
Posts: 1702
Joined: 2010-03-09 09:38
Location: The Matrix

Re: deleting utmp and wtmp

#2 Post by phenest »

Why do you want to delete them? Are they causing you problems?
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#3 Post by kereberos »

I want to disable the logging of logged in users.

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#4 Post by kereberos »

BUMP

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#5 Post by kereberos »

BUMP

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#6 Post by kereberos »

BUMP

User avatar
VentGrey
Posts: 171
Joined: 2016-04-26 23:57
Location: Guanajuato México

Re: deleting utmp and wtmp

#7 Post by VentGrey »

Have you tried....I don't know following webpages advice?

https://www.cyberciti.biz/faq/howto-dis ... formation/

De-Bump
I would exchange everything I know in exchange for half of what I don't.

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#8 Post by kereberos »

1) If you empty the log-files you clear the logs... but it is expected they to come back in the future.
2) If you delete the log-files you clear the logs and prevent them from returning.
That is what the manual say (man last)

I don't want to clear the logs but to clear them permanently (so that they won't log anything anymore). Basically i want to do the thing #2. The article you linked talks about #1

It seems there is something (systemd? maybe i don't know no idea) that automatically recreates the deleted files. This gives other programs the opportunity to log new information.
The UNIX design is to work as in #2... but for some reasons deleting the files is not enough for Debian. I don't know if this is a issue only for Debian or all systems with systemd or what else. But the documented way just does not work. The documentation is wrong is a way or the other....and either way it is a shame nobody knows anything about the way logging works in Debian (i ain't talking to you VentGrey but all expert System Administrators and Users in this forum actually knowing crap about UNIX, Linux, Debian, systemd and everything. No idea why running a support forum if there's nobody able to give any effective support).

Long story short SOLUTION NOT yet FOUND BUMP

User avatar
VentGrey
Posts: 171
Joined: 2016-04-26 23:57
Location: Guanajuato México

Re: deleting utmp and wtmp

#9 Post by VentGrey »

As far as google concerns there are no results on this, the only thing that I could find that was similar to what you requested is about truncating the wtmp file. :shock:

Code: Select all

KEEP=500
DEST=/scratch

# Delete all but last $KEEP lines from wtmp
/usr/lib/acct/fwtmp < /var/adm/wtmp > $DEST/wtmp.out
tail -$KEEP $DEST/wtmp.out | /usr/lib/acct/fwtmp -ci > /var/adm/wtmp

# Keep everything except last $KEEP line in $DEST bzip2 date-stamped file
sed -e :a -e '$d;N;2,'$KEEP'ba' -e 'P;D'  $DEST/wtmp.out | bzip2> $DEST/wtmp_$(date +%Y%m%d).bz2
rm $DEST/wtmp.out
source: http://www.unix.com/shell-programming-a ... files.html
I would exchange everything I know in exchange for half of what I don't.

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#10 Post by kereberos »

I did read the documentation. I did the search myself before posting. Google, bing, yahoo, duckduck, ixquick. You name it.
All to no avail.

The documentation is wrong and doesn't work. On the Internet nobody seems to have ever disabled the logging of logged-in users in recent Debian releases. On old releases without systemd, it seems the UNIX way was working. So i think this problem was introduced by systemd and systemd is recreating the deleted files (breaking the UNIX way to disable user-logging...)
Debian is going downhill so quickly. It is a pack of software piled up by stupid incompetents that don't even know what they're doing. No wonder nobody is able to answer a simple question such as a way to disable the logging system.

BUMP

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: deleting utmp and wtmp

#11 Post by GarryRicketson »

No wonder nobody is able to answer a simple question such as a way to disable the logging system.
Regardless of the reason nobody can answer a simple question, it is obvious
nobody is going to answer, when nobody answers.
Repeatedly bumping the post is not going to change this.
Please read: Forum guidelines. Please read before first post!

And before getting mad, and upset,..Please read this thread:
http://forums.debian.net/viewtopic.php? ... 41#p648141
Postby kereberos » 2017-06-27 10:01 >>Debian is going downhill so quickly. It is a pack of software piled up by stupid incompetents that don't even know what they're doing. No wonder nobody is able to answer a simple question such as a way to disable the logging system.
If you are really that unhappy with Debian, the way it is there is plenty
of other options, nobody is forcing you to use Debian.
If you don't like the free meal, either learn how to cook and make your own dinner, or go to a different "soup kitchen", or also you could try to help the workers, in the kitchen.
Thank you
-----------edited-------------------------
There is nothing wrong with not being happy with the way things are with Debian now, but calling people , the developers, and the people that try to help by keeping this forum on-line and available " stupid incompetents ", that is totally UN-called for, if you are so smart and perfect, Why don't you open up the source code, and edit the code that causes user login logs to be created, re-compile, it ? Could it be because you are also the same, as what you are calling others ? problem solved .
If any body knew of a simple , easy solution , I am sure they would have published it some where, and it would come up in searches, if someone here
knew of a easy simple solution, I am sure they would tell you, and share it.
Please stop bumbing this every day, even the bumping is not that bad, but to start calling everybody "" stupid incompetents ", is way off base.
Last edited by GarryRicketson on 2017-06-27 19:09, edited 1 time in total.

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: deleting utmp and wtmp

#12 Post by reinob »

kereberos wrote:I want to disable the logging of logged in users.
Have you already looked in /etc/login.defs?
That's the configuration for the login program.
Check:
LOG_OK_LOGINS
LOG_UNKFAIL_ENAB

and disable as required.

Please note that if you're using PAM some of the settings may be ignored, as PAM includes its own configuration.
For the record, I don't think that systemd has anything to do with this.. but you never know :)

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#13 Post by kereberos »

There is documentation available in Debian about how all worked before (the UNIX way) and at the same time that documentation is outdated and does not work because there is systemd and some guys decided to push it inside Debian and weren't aware of what the f* they were doing at all. Red Hat's in command.
It's possible somebody will see this post and answer. This is why it's ok to BUMP the topic to keep it alive. At the same time i am very disappointed with a distro that was supposed to be stable and broke all the standards for no reason whatsoever. What the heck were those guys doing and thinking. Pushing non-standard unstable software without proper documentation and old, thus misleading, documentation into a stable distro. Sounds not smart.
This support forum is also very disappointing because nobody ever knows anything. I looked at other topics. The average quality of answers ranges from a "why are you asking it" to a "google it yourself". Your long lecture with no actual answer to solve the problem is actually indicative of my point. Nobody is forcing you to send unhelpful answers. When you suggest to switch distro you confirm this distro turned into total crap. Brilliant. GTFO.

Code: Select all

# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable. 
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB        no

#
# Enable logging of successful logins
#
LOG_OK_LOGINS           no
Thank you for your useful attempt reinob. However these options look disabled by default. The problem is for sure caused by systemd... what else software would create on its own files on the filesystem breaking standards and the way other programs work... There is a mix of outdated and misleading docs that make difficult to understand what breaks what. That's also typical of badly designed system(d)s.

User avatar
dilberts_left_nut
Administrator
Administrator
Posts: 5346
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 12 times
Been thanked: 66 times

Re: deleting utmp and wtmp

#14 Post by dilberts_left_nut »

kereberos wrote:There is documentation available in Debian ... that documentation is outdated and does not work
So stop whining and file a bug report.
kereberos wrote:This is why it's ok to BUMP the topic to keep it alive.
No, that will just get your topic locked.
AdrianTM wrote:There's no hacker in my grandma...

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: deleting utmp and wtmp

#15 Post by GarryRicketson »

by kereberos » Pushing non-standard unstable software without proper documentation and old, thus misleading, documentation into a stable distro. Sounds not smart.
There are 2 sides to that coin, and one can look through the forum and see
countless posts complaining and pushing for Debian to be "new and shiny",
like some of the other distros, and all though I am not positive on this , I do
suspect there was a lot of "pressure" from others, to try to get the new release
ASP, maybe many users need to think about it twice, before pressuring the "cooks" and trying to tell them to, "hurry up , just serve the "free meal",.. we don't like to wait, ... well now we see the results, a meal was served, not really ready to
eat,.. and the complaining continues.
There is documentation available in Debian about how all worked before (the UNIX way) and at the same time that documentation is outdated and does not work because there is systemd and some guys decided to push it inside Debian
Yes this is quite true, and is my reasons for sticking with "old stable" and Debian versions that are well established, and were released, before the "Big bang", so
to speak,..
Have you ever even thought about trying to help update the outdated documentation ? I have my doubts .
Even just user can join the wiki, and help with that, and there is a very real need for this,..
The same for the Debian.org web site, how ever it is some what more complicated, and that probably is part of the problem there.
by kereberos » Brilliant. GTFO.
You are a real winner, brilliant,...and of course you are all ways right, in any event , no point in arguing with a troll, it is a pointless waste of time, and there are 100s of pages on the wiki that need spanish translations, as well as being updated,... so any way,... that is all from me. I do have better things to do.
YES

reinob
Posts: 1189
Joined: 2014-06-30 11:42
Has thanked: 97 times
Been thanked: 47 times

Re: deleting utmp and wtmp

#16 Post by reinob »

kereberos wrote:The problem is for sure caused by systemd... what else software would create on its own files on the filesystem breaking standards and the way other programs work... There is a mix of outdated and misleading docs that make difficult to understand what breaks what. That's also typical of badly designed system(d)s.
OK. I think I got it.

Check if you have /etc/tmpfiles.d/var.conf (I'm running sid but it should be close enough).

In it, you should have:

Code: Select all

f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0600 root utmp -
Comment those out (#...) and systemd should not create those files anymore when booting (or whenever it does it).

Check if that does it.
If not, the next thing to try is also to:

Code: Select all

# systemctl disable systemd-update-utmp-runlevel
# systemctl disable systemd-update-utmp
Please note that I haven't tested this and if you thusly break your debian installation you get to keep the pieces.
Good luck.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: deleting utmp and wtmp

#17 Post by kedaha »

According to the man page NOTES for utmp_wtmp:
Unlike various other systems, where utmp logging can be disabled by
removing the file, utmp must always exist on Linux. If you want to
disable who(1), then do not make utmp world readable.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

deborah-and-ian
Posts: 182
Joined: 2016-07-13 08:40

Re: deleting utmp and wtmp

#18 Post by deborah-and-ian »

kereberos wrote:GTFO.
You are such a small human being.
Debian GNU/Linux 9 Stretch w/Openbox

Acer Aspire E5-521G
AMD A8-6410 APU
4 GB RAM
integrated AMD Mullins
dedicated AMD Hainan Radeon R5 M240 2 GB
240 GB Toshiba Q300 SSD
Realtek RTL8111/8168/8411 ethernet
Qualcomm Atheros QCA9565 wireless

kereberos
Posts: 67
Joined: 2011-05-23 09:12

Re: deleting utmp and wtmp

#19 Post by kereberos »

A guy yells troll but everybody knows that it takes one to know one.
A fool's gone for good... --yet gets replaced right away with this other idiot above. There is no peace on this forum.

On the side of good news. Thank you kedaha. Accidentally you managed to point out how much non-standard is Linux. Manpages/manuals shipped from installed software in a GNU Linux distro contradict each other and all are deprecated altogether by systemd. Crazy! However it seems that removing utmp doesn't cause any problem at all. So ok.
An even bigger thanks goes to reinob who found the solution. Actually, I was on the right track and found it by myself yesterday at the same time or seconds before him but reinob did it too... well done. So i was going to post the solution now. Of course the systemd bloatware is the cause. For the record check systemctl --all status *utmp* and nuke em all then check what the heck your systemd-tmpfiles-setup.service does and eventually fix it up properly. :mrgreen:

Post Reply