I have 2 machines: a laptop with original Arch Linux installed and a desktop with Antergos, which is now like Arch. On both I use i3-wm, with the same i3 config.
I set xterm to run on the mod+Return key press:
bindsym $mod+Return exec xterm
And now the interesting thing:
When I run xterm with the previous shortcut on the desktop and run 'last | less' I see:
...
user pts/8 :0 Mon Dec 2 16:49 - 16:49 (00:00)
user pts/5 :0 Mon Dec 2 16:15 - 16:15 (00:00)
user pts/5 :0 Mon Dec 2 15:51 - 15:51 (00:00)
user pts/7 :0 Mon Dec 2 14:01 - 16:48 (02:47)
user pts/5 :0 Mon Dec 2 13:43 - 15:51 (02:07)
user tty1 Mon Dec 2 12:50 - down (08:19)
...
tty1 is my login terminal (startx), pts is xterm (and the same for urxvt) started on X; it is also the same if started by dmenu:
bindsym $mod+d exec dmenu_run
When I run xterm with the previous shortcut on the laptop and run 'last | less' I see only one tty1 and no pts for any number of xterm or urxvt instances (all started on X).
How can that be?
Where should I look to change from pts to tty on the desktop in the configuration of xterm, urxvt (and possibly others)?
I want the desktop to behave the same as the laptop, but I don't know how.
Last edited by xerxes_ (2019-12-07 12:05:41)
Offline
stat /usr/lib/utempter/utempter
stat /var/run/utmp
Offline
This is from my desktop:
LC_ALL=C stat /usr/lib/utempter/utempter
File: /usr/lib/utempter/utempter
Size: 9992 Blocks: 24 IO Block: 4096 regular file
Device: 802h/2050d Inode: 3671554 Links: 1
Access: (2755/-rwxr-sr-x) Uid: ( 0/ root) Gid: ( 996/ utmp)
Access: 2019-12-02 13:43:56.380195618 +0100
Modify: 2018-06-04 15:56:56.000000000 +0200
Change: 2019-01-28 12:55:09.017024514 +0100
Birth: 2019-01-28 12:55:09.017024514 +0100
LC_ALL=C stat /var/run/utmp
File: /var/run/utmp
Size: 768 Blocks: 8 IO Block: 4096 regular file
Device: 16h/22d Inode: 14854 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 996/ utmp)
Access: 2019-12-03 18:24:30.622571829 +0100
Modify: 2019-12-03 18:23:56.279272983 +0100
Change: 2019-12-03 18:23:56.279272983 +0100
Birth: -
Do you want the output of the same commands from the laptop?
Offline
If you don't want the terminals to show up in utmp, "{urxvt|xterm} -ut" should do (you can also set that in the resources) - the laptop either has these flags enabled or the permissions between the two mentioned files are off and utempter cannot write into utmp.
Offline
I have one more question: for security or other reasons, should every terminal opened by a logged-in user be displayed by last or a similar command, or not? Or maybe it doesn't matter? What do you think?
Offline
The degree to which you surveil your users is up to your personal preference (and the local laws), but utmp isn't the best way to do this.
In this context it's
a) rather meaningless (another terminal window inside a login is no new login and more a matter of convenience)
b) voluntary ("xterm -ut" will omit it, the user already has a login)
Also there's a full audit system to track certain user actions, https://wiki.archlinux.org/index.php/Audit_framework - e.g. if they run an interactive text shell etc.
Offline
This is output from my laptop:
LC_ALL=C stat /usr/lib/utempter/utempter
File: /usr/lib/utempter/utempter
Size: 9992 Blocks: 24 IO Block: 4096 regular file
Device: 19h/25d Inode: 3799127 Links: 1
Access: (2755/-rwxr-sr-x) Uid: ( 0/ root) Gid: ( 996/ git)
Access: 2019-12-02 23:19:17.148009541 +0100
Modify: 2018-06-04 15:56:56.000000000 +0200
Change: 2018-06-08 13:31:56.385695472 +0200
Birth: 2018-06-08 13:31:56.385695472 +0200
LC_ALL=C stat /var/run/utmp
File: /var/run/utmp
Size: 768 Blocks: 8 IO Block: 4096 regular file
Device: 16h/22d Inode: 18898 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 20/ utmp)
Access: 2019-12-05 11:31:54.820032481 +0100
Modify: 2019-12-05 11:31:01.309713905 +0100
Change: 2019-12-05 11:31:01.309713905 +0100
Birth: -
ll /usr/lib/utempter/utempter
-rwxr-sr-x 1 root git 9992 2018-06-04 /usr/lib/utempter/utempter
ll /var/run/utmp
-rw-rw-r-- 1 root utmp 768 12-05 11:31 /var/run/utmp
Permissions look the same, only the group differs for utmp. So I only have to change the group for utmp on the desktop?
The degree to which you surveil your users is up to your personal preference (and the local laws), but utmp isn't the best way to do this.
In this context it's
a) rather meaningless (another terminal window inside a login is no new login and more a matter of convenience)
b) voluntary ("xterm -ut" will omit it, the user already has a login)
So I won't use utmp for security reasons.
Offline
only the group differs for utmp
Yup, that's the cause.
https://bugs.archlinux.org/task/58306
So I won't use utmp for security reasons.
nb. that there's no security issue w/ utmp, it just won't allow you to reliably track anything in this context and what you could track is also pretty meaningless.
So if you want to track your users' actions, you should use a different approach, otherwise you don't have to care about xterm entries in the utmp log at all.
Offline
To summarize everything:
The system should show that someone is logged in on a pts terminal via the commands w, who and last when xterm is run.
So /usr/lib/utempter/utempter (like /var/run/utmp) must be in the utmp group and have setgid set, using the commands:
chown root:utmp /usr/lib/utempter/utempter
chmod 2755 /usr/lib/utempter/utempter
The chmod command is needed because changing the group resets setgid.
/var/run/utmp permissions should be 0644.
So if someone doesn't want this to work, they should change the group of /usr/lib/utempter/utempter from utmp to some other group or remove setgid.
As a side note, I have no idea why on the laptop /usr/lib/utempter/utempter belongs to the git group. Maybe some weird package settings? I didn't mess with it. And the laptop installation is much older than the desktop one.
Offline
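A read-only check for the condition diagnosed in this thread, as an added example that is not part of any post: it compares the setgid bit and numeric group of the utempter helper with the group and group-write bit of the utmp file. It assumes GNU stat; the function name check_utempter and its verdict words are made up for this example.

```shell
#!/bin/sh
# Added example: diagnose why xterm/urxvt sessions are missing from utmp.
# check_utempter HELPER UTMP_FILE -> prints one verdict word on stdout,
# details on stderr; returns 0 only if the helper can record sessions.
check_utempter() {
    helper=$1
    utmp=$2
    if [ ! -e "$helper" ] || [ ! -e "$utmp" ]; then
        echo missing
        return 2
    fi
    # GNU stat: %a = octal mode, %g = numeric gid, %G = group name.
    hmode=$(stat -c %a "$helper")
    hgid=$(stat -c %g "$helper")
    umode=$(stat -c %a "$utmp")
    ugid=$(stat -c %g "$utmp")
    echo "helper: mode $hmode group $(stat -c %G "$helper") ($hgid)" >&2
    echo "utmp:   mode $umode group $(stat -c %G "$utmp") ($ugid)" >&2

    # Without setgid (02000) the helper runs with the caller's groups only.
    if [ $(( 0$hmode & 02000 )) -eq 0 ]; then
        echo no-setgid
        return 1
    fi
    # Compare numeric gids: a gid can carry different names on two machines.
    if [ "$hgid" != "$ugid" ]; then
        echo group-mismatch
        return 1
    fi
    # The helper writes through the group bits of the utmp file (020).
    if [ $(( 0$umode & 020 )) -eq 0 ]; then
        echo utmp-not-group-writable
        return 1
    fi
    echo ok
}

# Defaults are the two paths inspected in the thread.
check_utempter "${1:-/usr/lib/utempter/utempter}" "${2:-/var/run/utmp}" || true
```

On the laptop output posted above the helper's gid is 996 and the utmp file's gid is 20, so this check would report group-mismatch there.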