Linux remove or clear the last login information

by Vivek Gite on January 27, 2007 · 11 comments

Q. How do I clear or remove last login information? I would like to clear all the login information. I am using Fedora Core 6 Linux.

A. /var/log/lastlog file stores user last login information. This is binary file. You need to use lastlog command to formats and prints the contents of the last login log /var/log/lastlog file.

Following information is printed using lastlog command:

=> The login-name

=> Port

=> Last login time

Task: Display last login information

Simply type lastlog:
$ lastlog
Output:

Username         Port     From             Latest
root             tty1                      Thu Jan 25 15:23:50 +0530 2007
daemon                                     **Never logged in**
bin                                        **Never logged in**
sys                                        **Never logged in**
sync                                       **Never logged in**
vivek            tty1                      Sat Jan 27 22:10:36 +0530 2007
pdnsd                                      **Never logged in**
sshd                                       **Never logged in**
messagebus                                 **Never logged in**
bind                                       **Never logged in**
sweta           tty1                      Sat Jan 27 19:55:22 +0530 2007

Note: If the user has never logged in the message "**Never logged in**" will be displayed instead of the port and time.

Task: Clear last login information

Simply overwrite /var/log/lastlog file. You must be the root user. First make a backup of /var/log/lastlog:
# cp /var/log/lastlog /root
Now overwrite file using any one of the following command:
# >/var/log/lastlog
OR
# cat > /var/log/lastlog
Press CTR+D

Featured Articles:

Share this with other sys admins!
Facebook it - Tweet it - Print it -

{ 11 comments… read them below or add one }

1 Daniel K January 29, 2007

maybe simpler:

sudo touch /var/log/lastlog ?

Reply

2 nixcraft January 29, 2007

Daniel,

Touch command update the access and modification times of each FILE to the current time. So it will not empty the file.

If file is deleted, you can use touch command. Agin you need to run chmod to set correct permission:

sudo /bin/rm /var/log/lastlog
sudo touch /var/log/lastlog
soud chown root:adm /var/log/lastlog

Reply

3 Vasudeva May 2, 2008

Lastlog will not have su information. Like user1 su to user2 this login information will not update the lastlog file. Is it possible to customize this to update su information also into lastlogin ? If yes please help me how to do this.

Reply

4 emcgfx September 1, 2008

ln -sf /dev/null /var/log/lastlog

Reply

5 Amit Verma February 2, 2009

Even Simpler (to remove the contents of file /var/log/lastlog)
Type -

>/var/log/lastlog

Thatis it. File/Log everything is clear..

Reply

6 Schop March 16, 2009

‘Course it works like a charm and is very simple, but how on earth do ik keep the file empty? On logon it gets updated en thus rewritten if “damaged”. Only Emcgfx’ method persists:

09.01.08 at 8:18 am
# ln -sf /dev/null /var/log/lastlog

Reply

7 choyal July 14, 2009

ln -sf /dev/null /var/log/lastlog

this is very good way to remove login info of user because
when user logins its info goes to the file /var/log/lastlog —> /dev/null
means data goes to /dev/null and this will be distroyed

Reply

8 Me September 18, 2009

That didn’t work for me on CentOS 5.2

I had a file named ‘wtmp’ (/var/log/wtmp?) that also needed emptying

Reply

9 Schop September 18, 2009

You can keep any “file” clean and cleared using a link to /dev/null. If it is possible to replace the file with a link – and the process accessing it is capable of using the link instead of complaining – it will work.

Reply

10 Steven April 23, 2010

Depending on your shell settings, you may have to replace:
>/var/log/lastlog
with:
>|/var/log/lastlog

Reply

11 qweeak September 10, 2011

Here is the thing.. if u delete the login details, you are logged into /var/log/messages.
If you delete the that in message and command history , that is again logged rite ? how do u stop this cycle ?

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 2 + 12 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.



Previous post:

Next post: