lastlog File Format

Purpose

Defines the last login attributes for users.

Description

The /etc/security/lastlog file is an ASCII file that contains stanzas with the last login attributes for users. Each stanza is identified by a user name and contains attributes in the Attribute=Value form. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character.

Each stanza can have the following attributes:

Item Description
time_last_login Specifies the number of seconds since the epoch (00:00:00 GMT, January 1, 1970) since the last successful login. The value is a decimal integer.
tty_last_login Specifies the terminal on which the user last logged in. The value is a character string.
host_last_login Specifies the host from which the user last logged in. The value is a character string.
unsuccessful_login_count Specifies the number of unsuccessful login attempts since the last successful login. The value is a decimal integer. This attribute works in conjunction with the user's loginretries attribute, specified in the /etc/security/user file, to lock the user's account after a specified number of consecutive unsuccessful login attempts. Once the user's account is locked, the user will not be able to log in until the system administrator resets the user's unsuccessful_login_count attribute to be less than the value of loginretries. To do this, enter the following:

chsec -f /etc/security/lastlog -s username -a \ unsuccessful_login_count=0

time_last_unsuccessful_login Specifies the number of seconds since the epoch (00:00:00 GMT, January 1, 1970) since the last unsuccessful login. The value is a decimal integer.
tty_last_unsuccessful_login Specifies the terminal on which the last unsuccessful login attempt occurred. The value is a character string.
host_last_unsuccessful_login Specifies the host from which the last unsuccessful login attempt occurred. The value is a character string.

All user database files should be accessed through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.

The mkuser command creates a user stanza in the lastlog file. The attributes of this user stanza are initially empty. The field values are set by the login command as a result of logging in to the system. The lsuser command displays the values of these attributes; the rmuser command removes the user stanza from this file, along with the user account.

Security

Access Control: This command should grant read (r) access to the root user, members of the security group, and others consistent with the security policy for the system. Only the root user should have write (w) access.

Examples

A typical stanza is similar to the following example for user bck:

bck:
   time_last_unsuccessful_login = 732475345
   tty_last_unsuccessful_login = tty0
   host_last_unsuccessful_login = waterski
   unsuccessful_login_count = 0
   time_last_login = 734718467
   tty_last_login = lft/0
   host_last_login = waterski

Files

Item Description
/etc/security/lastlog Specifies the path to the lastlog file.
/etc/group Contains the basic attributes of groups.
/etc/security/group Contains the extended attributes of groups.
/etc/passwd Contains the basic attributes of users.
/etc/security/passwd Contains password information.
/etc/security/environ Contains the environment attributes of users.
/etc/security/user Contains the extended attributes of users.
/etc/security/limits Contains the process resource limits of users.