Log console logins in /var/log/wtmp

2013-09-22 18:16:22 +02:00 · 2013-09-22 18:16:22 +02:00 · 4be5fae2da
commit 4be5fae2da
parent 14f55a2f67
2 changed files with 5 additions and 1 deletions
--- a/modules/programs/shadow.nix
+++ b/modules/programs/shadow.nix
@ -91,7 +91,7 @@ in
        { name = "groupmod"; rootOK = true; }
        { name = "groupmems"; rootOK = true; }
        { name = "groupdel"; rootOK = true; }
-        { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; }
+        { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; }
      ];

    security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];
--- a/modules/security/pam.nix
+++ b/modules/security/pam.nix
@ -70,6 +70,8 @@ let
      limits ? config.security.pam.loginLimits
    , # Whether to show the message of the day.
      showMotd ? false
+    , # Whether to update /var/log/wtmp.
+      updateWtmp ? false
    }:

    { source = pkgs.writeText "${name}.pam"
@ -114,6 +116,8 @@ let

          # Session management.
          session required pam_unix.so
+          ${optionalString updateWtmp
+              "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
          ${optionalString config.users.ldap.enable
              "session optional ${pam_ldap}/lib/security/pam_ldap.so"}
          ${optionalString config.krb5.enable