Modifying who to hide the host of other users is not as useful as it first appears. While it does indeed prevent who from displaying the host users have used to log on, who is merely a tool to pretty-print the data in the utmp file [1]. For who to work, the utmp must be world-readable, and if this is the case, the hosts can be fetched from it with a simple strings /var/run/utmp, or the utmp can be copied to a machine with an unmodified who, or the user can compile their own, unmodified version of who. It is not possible to deny access to only selected parts of the data in utmp; it's all or nothing.

If you don't want users finding out the hosts other users have used to log on, you have a few options:

  • Disable who for regular users, by removing their permission to read the utmp
  • Modify login not to log the host to the utmp
  • Use a daemon to make a redacted copy of the complete utmp for regular users

Of these options, the last is the most useful: administrators get access to a complete who, while users get a who that does not display the hosts, and no matter what the user does, he cannot find out the host another is using (though he could guess by using something like netstat -tpn | grep "\:22 "). The only disadvantage is a significantly higher implementation cost: to my knowledge such a daemon does not exist, and would have to be written from scratch.

[1] Some unices may use wtmp instead of utmp, and some unices may use both
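
The redaction pass of the daemon described in the third option, as an added example that is not part of the original answer and not an existing tool. It assumes the Linux <utmp.h> record layout; the function names are hypothetical and both paths are supplied by the caller.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <utmp.h>

/* Blank the two fields that reveal where a session came from. */
static void redact_record(struct utmp *ut)
{
    memset(ut->ut_host, 0, sizeof ut->ut_host);
    memset(ut->ut_addr_v6, 0, sizeof ut->ut_addr_v6);
}

/* Copy all records from in to out, redacted. Returns the record count,
 * or -1 on a write error or a truncated trailing record. */
static long redact_stream(FILE *in, FILE *out)
{
    struct utmp ut;
    size_t got;
    long n = 0;
    while ((got = fread(&ut, 1, sizeof ut, in)) == sizeof ut) {
        redact_record(&ut);
        if (fwrite(&ut, sizeof ut, 1, out) != 1)
            return -1;
        n++;
    }
    return got == 0 ? n : -1;
}

/* One pass of the daemon: build the copy in a temp file, then rename()
 * it into place so readers never see a half-written file. */
static int publish_redacted(const char *src, const char *dst)
{
    char tmp[4096];
    FILE *in, *out;
    long n;
    if (snprintf(tmp, sizeof tmp, "%s.tmp", dst) >= (int)sizeof tmp) return -1;
    if (!(in = fopen(src, "rb"))) return -1;
    if (!(out = fopen(tmp, "wb"))) { fclose(in); return -1; }
    n = redact_stream(in, out);
    fclose(in);
    if (fclose(out) != 0 || n < 0 || chmod(tmp, 0644) != 0 ||
        rename(tmp, dst) != 0) { remove(tmp); return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    return (argc == 3 && publish_redacted(argv[1], argv[2]) == 0) ? 0 : 1;
}
```

The real utmp must lose its world-readable bit for this to mean anything; regular users can then point an unmodified who at the redacted copy by passing its path as the file argument.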