Symlinking /var/log/utx.lastlogin to /dev/null to hide IP addresses results in a non-world-writable /dev/null

[hhartzer]

I've found that if I want to hide IP addresses from `last` and the like, the traditional recommendation is to symlink /var/log/utx.lastlogin to /dev/null. This works well, however, on these systems /dev/null will come up with 644 permissions instead of the usual 666. This tends to break all sorts of things. You certainly can chmod 666 /dev/null and get on your way, but I'd rather prevent it from happening in the first place.

I think that what happens is a service, maybe SSH, sees the /var/log/utx.lastlogin permissions as being too permissive, restricting them some, and proceeding. This unfortunately manifests at /dev/null due to the symlink.

This is kind of a niche case. I think there's a few avenues to change the behavior. There's a WITHOUT_UTMPX option in src.conf that might help. There's also some flags when building OpenSSHD. Not sure how to adjust those when doing a /usr/src make, though.

Curious to hear any thoughts on this. I wonder if Linux also is impacted by this?

 

[adriel-tech]

If you want to disable the utx stuff, I think you can add utx_enable="NO" to rc.conf.


sysrc utx_enable="NO"


I don't have anything to say about the permission changes you are seeing besides it seems weird.

 

[hhartzer]

If you want to disable the utx stuff, I think you can add utx_enable="NO" to rc.conf.


sysrc utx_enable="NO"


I don't have anything to say about the permission changes you are seeing besides it seems weird.

Interesting! Thank you for the suggestion. Unfortunately, I tested and that doesn't seem to have any impact on the behavior of lastlogin. I think that's logged all the same.