ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Something is happening that is causing bogus apparent logins. When a person logs in and out, you can see with the "w" command the status of his logging in. And after he has logged out, you can no longer see his name. However, the first line indicating the number of login users does not report an accurate count. At present, if I can count the user ID output with "w" I see 6. However, the first line is reporting 17 users.
Some accounts can login and log out and the number will increase and decrease. Some accounts will login in, and number will increase, but when they log out, the user name will not decrease.
Can someone advise me of where to look for a possible culprit in this matter.
I don't know if this affects or is one of the causes of the problem, but I recently manually added a number of accounts from one of the retired servers in the network.
The procedure I did was to have a routine to make a password record, add the information for the fields which included the login ID, an "x" indicating shadowed pass, an incremented user ID, group ID, Comment, home directory and shell. I did the same thing to append an appropriate shadow record. My routine created the users home directory and set the owner to the user.
There wasn't a glitch as everyone was able to continue using the new system just as they did the old system.
I described a recent change, but don't think this is the culprit because this isn't the first machine that this routine has worked on. I don't know if the problem with the "w" out came before this change over or after the changeover.
On a slightly related issue, can someone advise me if there is a flaw in my changeover method. Should I have included something else (whether it's the culprit of my problem or not). Is there some type of authentication application that can be run on the passwd file to verify the all the accounts and integrity of the system.
Thanks in advance for any suggestions or comments.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
Rep:
Larry,
Try typing who and see what the output is. Does it come up with the first number or the second? You may want to get a copy of w from a known good CD and try that one as it is possible that w has been tampered with.
Thanks. I already did a cmp on the current w and a backup of w. I just tested runing the backup w and got the same thing. The backup is from a tar of the original install. I did this originally to study the difference between a default install and the changes that I knew I'd be making.
By the way, I failed to include that I had removed the /var/log/wtmp and rebooted the computer in case there was a problem with it trying to update a corrupted wtmp file.
Maybe I'll should consider reinstalling the package the w was a part of..
I appreciate your anticipation of an intruder. I'll be doing a totally new install soon. I believe the effort in trying to immediately fix this glitch might become educational and help me to identify other problems that may exist but may not have shown up yet.
Okay. I found out more information about this problem. This only happens with users who log in and use ppp. The pppd is not updating the utmp file. This is causing zombie users who are appearing in finger and who, but who doesn't not appear in w and last. Maybe there is some type of pppd option to force update of the utmp when the user disconnects.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.