bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: wrong output of "who" and "finger"


From: Burba, Viktor
Subject: AW: wrong output of "who" and "finger"
Date: Tue, 3 Nov 2009 12:07:05 +0100

Thank you very much, by the way I forgot to mention I have SuSE SLES10 x86_64. 
But it does not matter, thanks a lot, now I have idea where to look for 

Viktor Burba

-----Urspr√ľngliche Nachricht-----
Von: Bob Proulx [mailto:address@hidden 
Gesendet: Montag, 2. November 2009 22:53
An: Burba, Viktor
Cc: address@hidden
Betreff: Re: wrong output of "who" and "finger"

Burba, Viktor wrote:
> I have a problem with output from "who" command. As you can see below
> 
> busdm:~ # who -u
> root     pts/0        Nov  2 15:56   .         21861 (192.168.0.20)
> root     pts/6        Jun 18 13:04   ?         15579 (10.11.20.1)
> 
> busdm:~ # uptime
>   4:06pm  up 3 days  2:19,  2 users,  load average: 0.42, 0.30, 0.16
> busdm:~ # date
> Mon Nov  2 16:07:04 CET 2009
> 
> "who" shows me users logged in from Jun18, even so the host has been
> rebooted 3 days ago and today's date of the host is 2nd Nov. Also
> there is no PID 15579. Can you please explain this weird behaviour?

The who command reads the system's utmp file.  This traditionally
existed at /etc/utmp but on modern systems has been moved to
/var/run/tmp.  You can find the actual file on your system by running
who under strace or other system call tracing tool.  Such as:

  $ strace -e file -o /tmp/who.strace who
  $ grep utmp /tmp/who.strace

When users log in, log out, create terminal windows in a graphical
terminal environment (e.g. start an xterm under X windows) the system
records this in the utmp file.  This is a log by "dead-reckoning" and
may become out of sync with reality if the system doesn't track it
correctly.  If a login entry is recorded but no corresponding logout
entry then who will report an entry which isn't really active.  The
who command reports data from that file.  If the data recorded doesn't
make sense then the result from who won't make sense.  GIGO.

It is usually the job of system start up scripts (aka rc scripts) to
set up the utmp file properly at system boot time.  Since the system
may have crashed previously the utmp file may contain stale
information.  At boot time a system script truncates the file to zero,
sets the proper ownership and permissions and prepares it for use.  On
my Debian system this is done in the /etc/init.d/bootmisc.sh script.

It appears that your system isn't properly clearing that file at boot
time.  You didn't say what system you were using.  But regardless the
problem appears to me with your report to be in a problem with the
boot time preparation of the utmp file.

Bob




reply via email to

[Prev in Thread] Current Thread [Next in Thread]