LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 02-25-2016, 03:24 PM   #1
jdelaporte
LQ Newbie
 
Registered: Jun 2014
Posts: 8

Rep: Reputation: Disabled
What are these system logins from who command?


I've been using Linux for a a few years, but I'm still a little green around the edges. I recently noticed the following in my lab hosts at school, and I am trying to figure out what the system logins mean. The man page gives no info about the Comment section. The man page implies these are incoming or local logins. The hosts are all running Slackware 14.1.

Are these incoming login connections, outgoing connections, or something else? I do not expect to see these login sessions on my lab machines, and every machine I have looked at has them (always a subset of c1-c6), so I am mildly concerned. We have some cisco routers that are named c1 through c5, but there is no c6 router.

Code:
$ who -l
NAME       LINE         TIME             IDLE          PID COMMENT
userme + tty1         2016-02-25 11:05 02:52         867
LOGIN      tty2         2016-02-25 11:04               868 id=c2
LOGIN      tty3         2016-02-25 11:04               869 id=c3
LOGIN      tty4         2016-02-25 11:04               870 id=c4
LOGIN      tty5         2016-02-25 11:04               871 id=c5
LOGIN      tty6         2016-02-25 11:04               872 id=c6
Looking at the processes, I see the following:
Code:
$ ps -ef | grep 869
root       869     1  0 11:04 tty3     00:00:00 /sbin/agetty 38400 tty3 linux

$ pstree
init-+-acpid
     |-5*[agetty]
     |-atd
So, root is spawning ttys for these logins. But, what are they? Where can I determine why these are created, and for what purpose? Where does the id value come from? Are these possibly related to the routers, or is this some internal service login, and how would I verify that?

I can't find anything in the messages, system, or secure logs about these logins. They appear to be created about two minutes after reboot. I just rebooted and ssh'd back into this machine, and here they are again, with new times, and one new one:

Code:
$ who
LOGIN      tty1         2016-02-25 14:59               876 id=c1
LOGIN      tty2         2016-02-25 14:59               877 id=c2
LOGIN      tty3         2016-02-25 14:59               878 id=c3
LOGIN      tty4         2016-02-25 14:59               879 id=c4
LOGIN      tty5         2016-02-25 14:59               880 id=c5
LOGIN      tty6         2016-02-25 14:59               881 id=c6
userme + pts/0        2016-02-25 15:01   .           885 (myip)

I don't have /etc/anacrontab or /etc/crontab. Root's crontab doesn't have any jobs that run at reboot.
I recursively grep'd for c1 through c6 and agetty in my /etc/rc.d directory (which is the init directory on Slackware), and found only random other stuff like modules and keys that had the strings c1-c6 in them.

If you can point me toward identifying these, I'll owe you a drink.

-Joanna-
 
Old 02-25-2016, 04:41 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,125

Rep: Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260Reputation: 1260
ttyx are virtual consoles. agetty is the program running as root to wait for someone to login on each of those consoles. It sets the username shown by who to LOGIN.
 
Old 02-25-2016, 05:02 PM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,592

Rep: Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880Reputation: 5880
The term tty (teletypewriter) dates back to the beginning of multiuser computers. They connected to the mainframe using RS-232 (serial). Teletypewriters were mechanical devices which lead to the development of electronic terminals. The DEC VT100 was a popular model.

Most distributions create 6 virtual terminals tty1-tty6. You can switch between them by pressing the keys alt-f1 thru alt-f6 and you should see a login in prompt for each. These are local login processes. tty1 is the default and this is what you would see when linux boots without a GUI.

pts is a pseudo terminal and is created when you log in via ssh.
 
Old 03-03-2016, 08:48 AM   #4
jdelaporte
LQ Newbie
 
Registered: Jun 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks smallpond and michaelk! Those were my virtual terminals, which I proved by logging in on tty3 and running the who command, where the tty held by id=c3 was replaced by my login.

Thanks!
 
  


Reply

Tags
cli, login, security, slackware 14.1


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Display only logins with an inactivity period of 3 hours or more using who command jdavis_33 Linux - General 2 02-27-2013 08:50 AM
/etc/pam.d/system-aut Setup Account Lock after Failed Logins Centos 6 mccartjd Linux - Security 0 12-09-2011 04:36 PM
LXer: Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze LXer Syndicated Linux News 0 08-24-2011 04:20 AM
Command(s) for tracking user logins on multiple computers? jtrappey Linux - Newbie 2 07-24-2008 11:52 AM
the opposite command of su? can i access user logins when i am root? how? kublador Linux - Newbie 3 09-11-2003 03:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration