Accounting changes
Peter Jeremy
peterjeremy at optushome.com.au
Thu Apr 19 21:42:40 UTC 2007
On 2007-Apr-19 21:15:01 +0000, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>In message <20070419212253.L2913 at fledge.watson.org>, Robert Watson writes:
>
>>> __dev_t ac_tty; /* controlling tty */
>
>This field is useless, nobody uses hardwired RS-232 terminals
>anymore.
>
>What we should do is add a systemcall or sysctl, so session creators
>like getty, sshd and similar can install a session indentifying string
>on the session, and then dump that in the accounting.
In theory, something that creates a session should be logging a utmp
record that links the assigned PTY to the session initiator. The
PTY name reflects the session identifier and the utmp record can be
used to work out who/how the session was initiated. This approach
seems more reasonable than recording complete session information in
each raw accounting record.
In practice, not all sessions have utmp records and many utilities are
not recording logouts. Fixing this and maybe adding information
relating to credentials would seem to be less intrusive than modifying
ac_tty.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20070419/50b720e6/attachment.pgp
More information about the freebsd-arch
mailing list