syslogin_perform_logout: logout() returned an error

From: Bernhard Fiser (b.fiser_at_abenteuerland.at)
Date: 05/09/04

  • Next message: pillai.a_at_pg.com: "HP-UX logname: could not get login name"
    To: secureshell@securityfocus.com
    Date: Sun, 9 May 2004 12:35:10 +0200
    
    

    After setting up a tiny jail on a FreeBSD 4.9-STABLE and running sshd
    (OpenSSH_3.5p1) for the purpose of a secure remote cvs area, I discovered the
    following error message (within auth.log which is logged from sshd to
    syslogd) during the logout procedure of the user:

    May 9 08:20:22 www sshd[866]: syslogin_perform_logout: logout() returned an
    error

    Going through several mailing lists showed me that some other users discovered
    the same message, but no reasonable statements were made to how to solve this
    problem. That's why I tried to locate it and here's what I found:

    The message is generated within syslogin_perform_logout() in loginrec.c if the
    call to logout() from libutil (see logout(3)) fails. It fails if it could not
    find a corresponding entry within utmp. This entry is generated by a call to
    login() (see login(3)) during the user logs onto the host before, but login()
    doesn't have any return value, so there's no reasonable way to determine if
    the call succeeded. And this is the problem (was it on my host). Login()
    makes entries into utmp by grabbing the name of the tty by a call to
    ttyslot() (see ttyslot(3)) and ttyslot() needs the file /etc/ttys to work
    properly.

    So what to do now to correct set up your jail on your system:
    1) Make sure (touch) that the following files exist:
    /var/log/wtmp
    /var/log/lastlog
    /var/run/utmp

    2) Make sure that the file /etc/ttys (see ttys(5)) exists!!! (That was the
    problem on my system).

    3) Additionally you might place an additional log socket into your jail by
    specifying the option -l <sock> to your syslogd.

    Regards,
    Bernhard

    -- 
    _____________________________________________________________________________
    Bernhard Fiser
    b.fiser@abenteuerland.at
    http://www.abenteuerland.at/bf/
    >>> Linux is for networking, Mac is for working, Windows is for Solitaire <<<
    

  • Next message: pillai.a_at_pg.com: "HP-UX logname: could not get login name"

    Relevant Pages

    • Re: SSH From within a Jail
      ... > I am not running sshd in the jail. ... > attach to sshd on another server from inside the jail. ...
      (freebsd-hackers)
    • Re: SSH From within a Jail
      ... If I ssh into 10.0.0.60 from the host system that the ... >> I am not running sshd in the jail. ... To unsubscribe, ...
      (freebsd-hackers)
    • Network Device(s) within jail?
      ... Within this server is a jail that is running sshd, ... The ethernet adapter has an alias to ... selections to try to obtain a port or package via FTP, ...
      (freebsd-questions)
    • Re: How to login to my jail from host itself (normal user)
      ... I would like to keep her in jail because she is reckless. ... I would like to know how to login to my jail as normal user from host itself when login prompt appear. ... if you want to support console based logins direct to a jail. ...
      (freebsd-questions)
    • Re: Problem authenticating with sasl in jail
      ... There may be a similar issue with Cyrus and sounds like something one would overlook. ... I have checked using cyradm to connect from the host to host, host to jail, jail to host and jail to jail. ... It appears to be something with the realm, really: I did a bad login on the working server just to see what goes on there: ...
      (freebsd-questions)