Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am looking through the linux user accouting implementation. A simple question that keeps bugging me is the possibility of multiple user logins from one single terminal or psuedo terminals. Is it possible for two or more users to login from one terminal?
I know of the 'su' possibility. One user may do 'su' to change to another user. Apart from this is there any other possibility?
Perhaps you could put a bit more definition into "terminal". If you mean a single computer on the network then yes. If you mean a single terminal window then I suppose that if you "su" then technically you have more then one user logged in. But like I said, it depends on your definition of "terminal".
Perhaps you could put a bit more definition into "terminal".
What I mean by terminal is tty1, tty2....,pts/0,pts/1,....
The tty series and the pts series are the terminal names used by the login/getty programs to connect the local or the remote users to the machine.
Quote:
Originally Posted by Cr0wb4r
If you mean a single computer on the network then yes.
In the case of text terminals / dump terminals, one single computer on a network serviced the dump terminals. In this context, the question gets simplified as follows: Is it possible for multiple users to login through the dump terminal somehow and show up in "w" / "who" command listing?
Quote:
Originally Posted by Cr0wb4r
If you mean a single terminal window then I suppose that if you "su" then technically you have more then one user logged in. But like I said, it depends on your definition of "terminal".
With the graphical desktop environment, both gnome-terminal and KDE terminal open one "pts" for each terminal window. For the sake of clarity, we can talk of one terminal window as equivalent to one dump terminal / text terminal of previous generation. By default gnome-terminal and KDE terminal somehow login the GUI user into the terminal. Thus, by the time the terminal is open, a user is already logged in. Ignoring the "su" possibility, is there any other way for two users to show up in "w" / "who" commands as having a single terminal?
As far as tty terminals, I have run many different users on one system with each tty dedicated to a single user, so the answer to that would be yes.
I don't know about two users showing up in "w" / "who" as having a single terminal.
And I am pretty sure that all users who are logged in will show up when you do the "who" or "users" command along with each tty that that account is currently logged on to.
Feel free to play around with those things a bit and post your results here sot that others can learn from it as well.
As far as tty terminals, I have run many different users on one system with each tty dedicated to a single user, so the answer to that would be yes.
This point is clarified.Thanks.
Quote:
Originally Posted by Cr0wb4r
I don't know about two users showing up in "w" / "who" as having a single terminal.
I read in Linux documentation that programs like init, logout and getty modify the /var/run/utmp and /var/log/wtmp files. The documentation also states that "w" / "who" commands pull their user data from the /var/log/utmp file. Theoretically it is possible for "w" / "who" to show two users with same terminal by adding one entry with new username and in-use terminal name in the /var/run/utmp and /var/log/wtmp files. The /var/run/utmp and /var/log/wtmp are binary files which handles the data in the units of utmpx structure. To the best of my knowledge, I have not come across any program which would store such an anomaly in either /var/run/utmp or /var/log/wtmp file.
I am just checking on this front. If any other program modifies the /var/log/wtmp or /var/run/utmp files, please let me know. I can read up more information on these yet unknown programs.
Quote:
Originally Posted by Cr0wb4r
And I am pretty sure that all users who are logged in will show up when you do the "who" or "users" command along with each tty that that account is currently logged on to.
Going by the previous explanation, it may be possible to fool "w" / "who" into displaying wrong results.
Quote:
Originally Posted by Cr0wb4r
Feel free to play around with those things a bit and post your results here sot that others can learn from it as well.
I am sort of playing around with the wtmp file anyway. The idea is to somehow integrate the "/var/log/wtmp" files of the LAN connected computers by making the local user login - logout accounting centralized. The transfer of information from a LAN computer to server will take place through syslog-ng client-server interaction. The network communication part is still in the ideation phase. Once the work is complete, I will post the results and the code.
I read in Linux documentation that programs like init, logout and getty modify the /var/run/utmp and /var/log/wtmp files. The documentation also states that "w" / "who" commands pull their user data from the /var/log/utmp file. Theoretically it is possible for "w" / "who" to show two users with same terminal by adding one entry with new username and in-use terminal name in the /var/run/utmp and /var/log/wtmp files. The /var/run/utmp and /var/log/wtmp are binary files which handles the data in the units of utmpx structure. To the best of my knowledge, I have not come across any program which would store such an anomaly in either /var/run/utmp or /var/log/wtmp file.
I am just checking on this front. If any other program modifies the /var/log/wtmp or /var/run/utmp files, please let me know. I can read up more information on these yet unknown programs.
Most interesting. I need to read the documentation on these things more in depth.
Depending on how it gets the results in theory this might be possible, and it would be interesting to run some tests.
Though I am not aware of any other programs that use /var/log/wtmp or /var/run/utmp.
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
the answer really comes down to what you are attempting to actually DO, yes you can have multiple logins at one console
tty1 -> user1
tty2 -> user2
tty3 -> user4
...
ttyN -> user5
but herein lies the problem, the machine still only has one physical monitor, keyboard and mouse and can only display and interact with one TTY at a time
you could use hardware terminals such as WYSE terminals or terminal emulators running on low power machines attached to the serial ports to add the ability to have more users attached simultaneously (though this is limited to text only applications)
such as
/dev/tty1 -> user1
/dev/ttyS0 -> user2
/dev/ttyS1 -> user3
...
/dev/ttySN -. userN
(though this is limited to the number of serial ports your computer has + the actual display)
you could also enable telnet or (preferabley) ssh, and allow multiple users to simultaneously connect via lan
or you could (X11 only, but you can use terminal windows) add multiple video cards, keyboards, mice (limited by the number of slots and ports on the video cards) and create a 'multi seat' arrangement where each monitor/keyboard/mouse setup is it's own login session.
unfortunatly which of these solutions, if any, is relevant i can't tell you without further information as to your purpose.
but herein lies the problem, the machine still only has one physical monitor, keyboard and mouse and can only display and interact with one TTY at a time
You have a point but I think that the purpose of the question by the OP is simply to learn more. As for the practical use of this knowledge, it seems to me that an intruder could use and manipulate files to hide their presence. Yeah I am sure we all know that crackers can "hide their presence" but once you understand "how" you have a new perspective on things.
Thanks frieza and Cr0wb4r for your insights. I do apologize for the delayed response.
The response by frieza has taken a new but interesting direction. I have always had this question in the back of my mind. The multi-seat Linux computer; Thanks for the impetus. I will appreciate very much if you can point me to a good starting point. I will look more into this.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.