Utmp, Wtmp

isolder

Registered
If I delete the wtmp file in /var/log/ will it be recreated later?

Or uh if I can't delete the wtmp file can I edit out lines from it?
 
Originally posted by isolder
If I delete the wtmp file in /var/log/ will it be recreated later?

Or uh if I can't delete the wtmp file can I edit out lines from it?

Excuse me if this sounds rude, but what legitimate reason could there be for obscuring information about who has logged into the machine?
 
Simply put, I don't want other people in my family knowing who's connecting to my server. The legitimacy is that both myself (the host) and my friend (the person who will be connecting) don't want anyone ever knowing who is connecting. It's a paranoia/security thing that we're both concerned about.

Preferably I'd like it to not be known at all that I'm letting someone connect to me nor what they were doing. We're both pretty paranoid about people reading our files and if somebody else were to find any trace of us using these files or where they are located, that would really suck for us. Our things should remain private and I don't think it's very private if someone can get on and see exactly who's been connected at what time.
 
wow, u must be having the scientologists secret bible on your HD or sumthin.. u r really paranoid. But I guess it's valid these days..
 
The default perms on wtmp under OSX are pretty tight:

-rw-r----- 1 root wheel 58k Mar 31 16:45 /private/var/log/wtmp

Writable only by root, readable only by root and users in the wheel group (i.e. admins)

If the box is yours, remove administrative rights from all the other accounts and the other users at your house can't see who's been logged in.
 
Still, though, can I safely delete these files or remove lines from them without messing something up? I don't want them to be gone forever but I want to delete them when certain logins are recorded.
 
Back
Top