[SOLVED] "Unknown" user present?

Sheridan · 04-17-2012, 06:31 AM

Hi there,

I never had this issue until I first setup a small production box to prooftest the new Fedora 16 before upgrading the rest of the machines.

I honestly don't remember if the following was the case right after the clean install, because I didn't check it in particular, but a few days ago I started to notice a very strange thing.

I always see at least 2 users logged in, myself and an "unknown" one... check this...

Code:

[root@bigbang html]# who
(unknown) tty2         2012-04-05 16:59 (:0)
sheridan pts/0        2012-04-17 10:55 (10.8.0.11)

The second's me...

Like I said, I never had this issue before... But since lots of new things are there in F16, I thought I ask around to make sure...

So is the (unknown) user (always logged in) supposed to be a normal thing? Or do I have a problem? Maybe a security problem?

Thanks!

MensaWater · 04-17-2012, 07:24 AM

What do you see if you run "ps -fttty2" to see processes on that tty?

Sheridan · 04-17-2012, 08:32 AM

Quote:

Originally Posted by MensaWater

What do you see if you run "ps -fttty2" to see processes on that tty?

Here you go...

Code:

[root@bigbang html]# ps -fttty2
UID        PID  PPID  C STIME TTY          TIME CMD
root     14512 14510  0 Apr05 tty2     00:00:12 /usr/bin/Xorg :0 -br -verbose -logverbose 7 -auth /var/run/gdm/auth-for-gdm-a8uJr7/database -nolisten tcp

Hm... Am I right in assuming that it's just the X server? Then why am I seeing it as a "user" of some kind?

(EDIT: hell... or maybe there's something I don't see...)

MensaWater · 04-17-2012, 08:41 AM

That's what it looks like to me. Is X running on tty2 on your console?

On console if you hit Alt-F2 it should take you to tty2 (assuming you're not already in X). If you hit "Ctrl-Alt-F1" it will take you to tty1 then Alt-F2 ideally would take you back to the X screen.

Sheridan · 04-17-2012, 08:45 AM

Quote:

Originally Posted by MensaWater

That's what it looks like to me. Is X running on tty2 on your console?

Tried it over remote console, and yes - ALT+F2 does take me to X. However apparently noone is logged in right now (and nor should there be anyone).

MensaWater · 04-17-2012, 12:31 PM

Right X session is just there with a login screen typically. You don't have to use it.

I don't have Fedora14 so don't see this - I do see it as owned by "root" on RHEL5.

If you look at /etc/inittab you should see a line like:
x:5:respawn:/etc/X11/prefdm -nodaemon

If you change the respawn to off then type "init q" it will disable the X11 session.

Also in inittab you should see lines like:
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
8:2345:respawn:/sbin/mingetty tty8

You likely don't have the tty2 line above (I don't have tty7 because the GUI starts on tty7 rather than tty2). If you add a line for the mingetty for tty2 then it will start a standard console virtual terminal on tty2 instead of the GUI (assuming you have first set respawn to off on the line mentioned earlier).

Sheridan · 04-21-2012, 03:12 AM

Quote:

Originally Posted by MensaWater

I don't have Fedora14 so don't see this - I do see it as owned by "root" on RHEL5.

If you look at /etc/inittab you should see a line like:
x:5:respawn:/etc/X11/prefdm -nodaemon

Hey man,

Nice advice, thank you.

Unfortunately on Fedora 16 it seems that things have changed quite a bit... On F15 there was a proper inittab like you describe, but on F16 now I only see this:

# inittab is no longer used when using systemd.

So I guess I've got to get to know this 'magic' systemd finally... I keep bumping into it more and more since the upgrade. Who knows, maybe I'll find out that I like it. For now, it just complicates things for me, but we'll see.

Oh well.. So I will try to google around... I need to learn this at some point anyway...