Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Definitely a newbie question here. I'm running Slackware 12 on a couple of machines, to be used by a group of people. I'm the default sys admin. I'd like to maintain a log of logins, that can't be deleted, even if someone has obtained the super user login info. Is this possible?
You mean a file that is impossible to delete under any circumstances? As far as I know, that can't be done under a Unix environment (sounds like a Windows "feature").
You could push the file to a remote server/device though, or somehow hide and or encrypt it.
The lastlog command should do what you need. However, once root is logged in they can do whatever they want. Perhaps you could have a cron job run the transfers /var/log/lastlog to a remote location every few minutes. The problem there is that whoever gets root access could view that cron job and find the remote log as well.
If they get in as root, your options are limited.
You can scp or ftp to a remote system, but it (the remote sys) will have to prevent that same cxn deleting files.
The old fashioned bullet-proof way is a cheap (remote) printer or other write-only device eg burn to a WORM CD/DVD drive (again remote to prevent physical theft).
Of course, email (to a remote sys) is an option...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.