Summary: "w" gives wrong user login info

From: shubin@peabody.jhu.edu
Date: Mon Aug 02 1999 - 08:33:32 CDT


Thanks very much for the quick responses from:

Reichert, Alan <aareichert@tasc.com>
Scott Adkins <sadkins@voyager2.cns.ohiou.edu>
Chad Price <cprice@molbio.unmc.edu>
Michael A. Peterson <peterson@chem.ufl.edu>

The recommended ways to fix it are:

1. Modify the utmp file directly(but that can be dangerous and klunky),
and always make copies of your utmp/wtmp files before you do it.

2. Restart utmpd if you can afford losing system log info.

3. Constantly telnet into localhost over and over again, logging in as
yourself. You will eventually log into the tty that has the user listed
in the who listing. Once you have reached that particular tty, log back
out of all the sessions. When you look at the who listing after that,
the ghost users should be gone.

I did a reboot in the midnight and the server is OK now.
Since the answers are not long, I put it below and I am sure
you'll enjoy them.

THANKS again for all your help!

Shubin Wang

---------------------------------------------
You may be able to fix this by clearing the utmp/wtmp files.

First, if you need the info, cat them to another file for storage,
then cat /dev/null to each of them to clear them.

Drawback of this is you will lose information on folks who are logged in
at the time you do it.
--------------------------------------------------------------------------
I find the simplist, but most annoying way to clean it up is by constantly
telnetting into localhost over and over again, logging in as yourself.
You will eventually log into the tty that has the user listed in the who
listing
(even though they aren't currently logged in). Once you have reached that
particular tty, log back out of all the sessions. When you look at the
who
listing after that, the ghost users should be gone (since the act of
logging
out of your account cleaned up the utmp file entry for you!).

There are other ways of doing it, such as modifying the utmp file
directly,
but that can be dangerous and klunky. I use the old telnet trick on all
the flavors of UNIX (Linux, Solaris, BSDI, etc) with quite a bit of
success.

By the way, I don't know what causes ghost users to occur in the who
list...
obviously, some program (maybe login or something) failed to cleanup the
utmp
file successfully. In any the case, I find it rarely happens. On
Solaris,
I actually find the reverse happens more often... somebody logs in and
they
fail to make it *on* to the who list (meaning, the login program didn't
add
the entry to the utmp file at all). This may be a little annoying to some
of them, but all they have to do is log out and log back in.
---------------------------------------------------------------------------
This is what I consider to be a "well known problem" which Sun has not
bothered to patch... It haunted me for all the years I ran 2.4 and
appears
from your comments to be unfixed in 2.6. The wtmp and associated files
have incorrect information in them. I think it is fixed in 2.7, but have
only been running it a few months and so am not positive.
----------------------------------------------------------------------------
I saw that problem when the utmpd daemon had core dumped. Restarting
utmpd
(with '/etc/init.d/utmpd start') fixed the problem.

I think there is a patch for this, as it doesn't happen on my machine any
more. But I don't know what the patch number is or what version of Sol
you're
running. This happened to me under 2.6.
----------------------------------------------------------------------------
The original question:
>A big problem found on my E250 with Solaris2.6:
> The command "w" showed there're some users
> on the systems but actually there're no so many,
> so the output of "w" is not correct.
>
> Is there a way it can be fixed without rebooting?
>
> It's email server with hundreds user accounts.
> No system accounting running on the server.
>
> Thanks in advance and I will summerize as always.
>
> Shubin Wang
>
> Unix Sys Admin.
> Peabody Institute, JHU
> Tel: 410-659-8241



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:24 CDT