Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Sources of changes to /etc/motd and of other login messages?

4 views
Skip to first unread message

Lloyd Zusman

unread,
Dec 11, 2002, 6:40:41 AM12/11/02
to
What process or utility changes the contents of /etc/motd?
Occasionally, I see an extra system identification line that has been
placed into that file.

Also, what causes the following prompt to print out at login, after
/etc/motd has been displayed? ...

Last login: Wed Dec 11 06:25:26 2002 from 204.212.175.30

I have put the following into /etc/pam.d/login:

session optional pam_lastlog.so silent

However, that "Last login: ..." message still shows up.

This happens despite the fact that "LASTLOG_ENAB" is commented out in
/etc/login.defs, in the "OBSOLETED BY PAM" section.

Thanks in advance.

--
Lloyd Zusman
l...@asfast.com


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org


Colin Watson

unread,
Dec 11, 2002, 6:49:30 AM12/11/02
to
On Wed, Dec 11, 2002 at 06:34:48AM -0500, Lloyd Zusman wrote:
> What process or utility changes the contents of /etc/motd?
> Occasionally, I see an extra system identification line that has been
> placed into that file.

[cjwatson@arborlon /etc/init.d]$ grep motd *
bootmisc.sh:# Update /etc/motd.
bootmisc.sh: uname -a > /etc/motd.tmp
bootmisc.sh: sed 1d /etc/motd >> /etc/motd.tmp
bootmisc.sh: mv /etc/motd.tmp /etc/motd
[cjwatson@arborlon /etc/init.d]$ dlocate bootmisc.sh
sysvinit: /etc/init.d/bootmisc.sh

> Also, what causes the following prompt to print out at login, after
> /etc/motd has been displayed? ...
>
> Last login: Wed Dec 11 06:25:26 2002 from 204.212.175.30

Not sure ...

Cheers,

--
Colin Watson [cjwa...@flatline.org.uk]

Lloyd Zusman

unread,
Dec 11, 2002, 8:46:20 AM12/11/02
to
Colin Watson <cjwa...@debian.org> writes:

> On Wed, Dec 11, 2002 at 06:34:48AM -0500, Lloyd Zusman wrote:
>>

>> [ ... ]


>>
>
> [cjwatson@arborlon /etc/init.d]$ grep motd *
> bootmisc.sh:# Update /etc/motd.
> bootmisc.sh: uname -a > /etc/motd.tmp
> bootmisc.sh: sed 1d /etc/motd >> /etc/motd.tmp
> bootmisc.sh: mv /etc/motd.tmp /etc/motd
> [cjwatson@arborlon /etc/init.d]$ dlocate bootmisc.sh
> sysvinit: /etc/init.d/bootmisc.sh

I didn't think this was connected to system initialization at boot time,
but perhaps the system has been rebooted more frequently than I thought.

Thanks.


> [ ... ]


>
> Cheers,
>
> --
> Colin Watson [cjwa...@flatline.org.uk]


--
Lloyd Zusman
l...@asfast.com

martin f krafft

unread,
Dec 12, 2002, 11:16:51 AM12/12/02
to

--0lnxQi9hkpPO77W3
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

also sprach Colin Watson <cjwa...@debian.org> [2002.12.11.1244 +0100]:


> > Also, what causes the following prompt to print out at login, after
> > /etc/motd has been displayed? ...

> >=20


> > Last login: Wed Dec 11 06:25:26 2002 from 204.212.175.30

>=20
> Not sure ...

PAM:

%> grep lastlog /etc/pam.d/login
session optional pam_lastlog.so

wow, i knew something that colin didn't...

--=20
Please do not CC me! Get a proper mailer instead: www.mutt.org
=20
.''`. martin f. krafft <mad...@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
=20
NOTE: The public PGP keyservers are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

--0lnxQi9hkpPO77W3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9+KM2IgvIgzMMSnURAjOZAKDnFjFbNiWit1HccSBvjHjI/bOMpwCgyin3
vL45AXDepNTW1ge35KjwPQA=
=PTVo
-----END PGP SIGNATURE-----

--0lnxQi9hkpPO77W3--

Lloyd Zusman

unread,
Dec 12, 2002, 12:26:51 PM12/12/02
to
martin f krafft <mad...@debian.org> writes:

> also sprach Colin Watson <cjwa...@debian.org> [2002.12.11.1244 +0100]:
>> > Also, what causes the following prompt to print out at login, after
>> > /etc/motd has been displayed? ...
>> >

>> > Last login: Wed Dec 11 06:25:26 2002 from 204.212.175.30
>>

>> Not sure ...
>
> PAM:
>
> %> grep lastlog /etc/pam.d/login
> session optional pam_lastlog.so
>
> wow, i knew something that colin didn't...

I mentioned in my original message about pam_lastlog.so. I pointed out
that I've set it as follows inside of /etc/pam.d/login, but I'm still
getting the "Last login: ..." line when I log in:

session optional pam_lastlog.so silent

Apparently, this line is getting ignored, and something else is causing
that "Last login: ..." message to get printed.

But what ... ???


--
Lloyd Zusman
l...@asfast.com

Colin Watson

unread,
Dec 12, 2002, 12:45:11 PM12/12/02
to
On Thu, Dec 12, 2002 at 03:54:46PM +0100, martin f krafft wrote:
> also sprach Colin Watson <cjwa...@debian.org> [2002.12.11.1244 +0100]:
> > > Also, what causes the following prompt to print out at login, after
> > > /etc/motd has been displayed? ...
> > >
> > > Last login: Wed Dec 11 06:25:26 2002 from 204.212.175.30
> >
> > Not sure ...
>
> PAM:
>
> %> grep lastlog /etc/pam.d/login
> session optional pam_lastlog.so

He said he'd added the 'silent' option, though, in the original post.

This isn't via ssh, is it? There's a bug filed about this, #169938.

> wow, i knew something that colin didn't...

:-)

--
Colin Watson [cjwa...@flatline.org.uk]

martin f krafft

unread,
Dec 12, 2002, 1:50:01 PM12/12/02
to

--9jxsPFA5p3P2qPhR

Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

also sprach Lloyd Zusman <l...@asfast.com> [2002.12.12.1719 +0100]:


> I mentioned in my original message about pam_lastlog.so.

Sorry, didn't see that...

> Apparently, this line is getting ignored, and something else is causing
> that "Last login: ..." message to get printed.

on the console or through ssh?

have you checked /etc/login.defs?

What 'login' are you using?

--=20
Please do not CC me! Get a proper mailer instead: www.mutt.org
=20
.''`. martin f. krafft <mad...@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
=20
NOTE: The public PGP keyservers are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9+MncIgvIgzMMSnURAlxbAJ9iD6yucUvBt+w1bB6sh6kOlbdcbgCdHylQ
h/jDkCNsgHoq0gZJCXHa0Ts=
=NDMH
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--

Lloyd Zusman

unread,
Dec 12, 2002, 4:47:23 PM12/12/02
to
martin f krafft <mad...@debian.org> writes:

> also sprach Lloyd Zusman <l...@asfast.com> [2002.12.12.1719 +0100]:
>> I mentioned in my original message about pam_lastlog.so.
>
> Sorry, didn't see that...

No problem.


>> Apparently, this line is getting ignored, and something else is causing
>> that "Last login: ..." message to get printed.
>
> on the console or through ssh?

Both.


> have you checked /etc/login.defs?

Yes. Everything is normal. The following appears at the bottom of that
file, in the "OBSOLETED BY PAM" section (among about a dozen or so
commented-out tags):

#LASTLOG_ENAB

Incidentally, the following line appears both in /etc/pam.d/login and
/etc/pam.d/ssh:

session optional pam_lastlog.so silent

No other file in /etc/pam.d has any mention of pam_lastlog.so in it.


> What 'login' are you using?

I'm not sure. It's the standard /bin/login that comes with woody. How
can I tell?


--
Lloyd Zusman
l...@asfast.com

Lloyd Zusman

unread,
Dec 12, 2002, 7:26:43 PM12/12/02
to
Colin Watson <cjwa...@debian.org> writes:

> On Thu, Dec 12, 2002 at 03:54:46PM +0100, martin f krafft wrote:
>> also sprach Colin Watson <cjwa...@debian.org> [2002.12.11.1244 +0100]:
>>

>> PAM:
>>
>> %> grep lastlog /etc/pam.d/login
>> session optional pam_lastlog.so
>
> He said he'd added the 'silent' option, though, in the original post.
>
> This isn't via ssh, is it? There's a bug filed about this, #169938.

Actually, it *is* via ssh. About an hour ago I wrote a reply to Martin
Krafft here, saying that that the problem occurred both in login and ssh
... but I was wrong about login. I came back here to correct that post,
and I just noticed this message of yours.

I just checked bug 169938, and on the basis of that report I set
"PrintLastLog no" in /etc/ssh/sshd_conf. That fixed the problem.

I suppose that recompiling ssh with "--without-lastlog" might also have
done the trick (as long as I also make sure that I use "--with-pam").

I got thrown off the track when I mistakenly thought that I saw this
same problem when using 'login' as well as 'ssh'.

Martin Krafft's question a little earlier today got me thinking that I
had better double-check this, and I'm glad I did.

Thanks to the both of you.

Problem solved. I'm happy. :)

--
Lloyd Zusman
l...@asfast.com

Colin Watson

unread,
Dec 13, 2002, 5:07:15 AM12/13/02
to
On Thu, Dec 12, 2002 at 07:12:00PM -0500, Lloyd Zusman wrote:
> Colin Watson <cjwa...@debian.org> writes:
> > This isn't via ssh, is it? There's a bug filed about this, #169938.
>
> Actually, it *is* via ssh. About an hour ago I wrote a reply to Martin
> Krafft here, saying that that the problem occurred both in login and ssh
> ... but I was wrong about login. I came back here to correct that post,
> and I just noticed this message of yours.
>
> I just checked bug 169938, and on the basis of that report I set
> "PrintLastLog no" in /etc/ssh/sshd_conf. That fixed the problem.

Right. We (Debian openssh maintainers) will probably make that the
default soon, one way or another.

Cheers,

--
Colin Watson [cjwa...@flatline.org.uk]


0 new messages