LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 12-09-2000, 10:01 AM   #1
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 376

Rep: Reputation: 40

Something is happening that is causing bogus apparent logins. When a person logs in and out, you can see with the "w" command the status of his logging in. And after he has logged out, you can no longer see his name. However, the first line indicating the number of login users does not report an accurate count. At present, if I can count the user ID output with "w" I see 6. However, the first line is reporting 17 users.

Some accounts can login and log out and the number will increase and decrease. Some accounts will login in, and number will increase, but when they log out, the user name will not decrease.

Can someone advise me of where to look for a possible culprit in this matter.

I don't know if this affects or is one of the causes of the problem, but I recently manually added a number of accounts from one of the retired servers in the network.

The procedure I did was to have a routine to make a password record, add the information for the fields which included the login ID, an "x" indicating shadowed pass, an incremented user ID, group ID, Comment, home directory and shell. I did the same thing to append an appropriate shadow record. My routine created the users home directory and set the owner to the user.

There wasn't a glitch as everyone was able to continue using the new system just as they did the old system.

I described a recent change, but don't think this is the culprit because this isn't the first machine that this routine has worked on. I don't know if the problem with the "w" out came before this change over or after the changeover.

On a slightly related issue, can someone advise me if there is a flaw in my changeover method. Should I have included something else (whether it's the culprit of my problem or not). Is there some type of authentication application that can be run on the passwd file to verify the all the accounts and integrity of the system.

Thanks in advance for any suggestions or comments.


-- L. James


 
Old 12-09-2000, 11:38 AM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 12,720

Rep: Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496Reputation: 3496
Larry,
Try typing who and see what the output is. Does it come up with the first number or the second? You may want to get a copy of w from a known good CD and try that one as it is possible that w has been tampered with.
 
Old 12-09-2000, 12:41 PM   #3
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 376

Original Poster
Rep: Reputation: 40
Thanks. I already did a cmp on the current w and a backup of w. I just tested runing the backup w and got the same thing. The backup is from a tar of the original install. I did this originally to study the difference between a default install and the changes that I knew I'd be making.

By the way, I failed to include that I had removed the /var/log/wtmp and rebooted the computer in case there was a problem with it trying to update a corrupted wtmp file.

Maybe I'll should consider reinstalling the package the w was a part of..

I appreciate your anticipation of an intruder. I'll be doing a totally new install soon. I believe the effort in trying to immediately fix this glitch might become educational and help me to identify other problems that may exist but may not have shown up yet.

-- L. James
 
Old 12-10-2000, 11:59 AM   #4
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 376

Original Poster
Rep: Reputation: 40
Okay. I found out more information about this problem. This only happens with users who log in and use ppp. The pppd is not updating the utmp file. This is causing zombie users who are appearing in finger and who, but who doesn't not appear in w and last. Maybe there is some type of pppd option to force update of the utmp when the user disconnects.

The command line that starts the PPP session is:

/usr/sbin/pppd -detach crtscts lock 10.1.2.1:10.1.2.3

I'm running pppd version 2.4.0b4.

Thanks again for anyone who has any comments or suggestoins.

-- L. James
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 09:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration