I have found recently that "who" shows users that have already logged off. For instance, I was compiling some software, and was logged into 3 ttys on the machine, going back and forth to look at different files. After I logged off on tty 2 and 3, running "who" on tty 1 showed me still logged on 2 and 3. "ps" shows agetty running on those consoles (not bash).

Now, usually, this wouldn't be a problem. However, I made a script that turns the machine off if:

A. Nobody is logged on

and

B. No other computers are active on the LAN

The way it checks if anybody is logged on is to check the output of "who".

This worked fine for about a month. Recently however the machine stayed on, which is when I discovered the "who" problem.

So I need to figure out why "who" isn't updating properly. I imagine it is a problem with the utmp file, but I don't even know where to start looking.

It is also slightly random, some days it works fine, others it doesn't. Though lately, it doesn't work more than it does.

The machine runs Slackware 9.0, and I have not made any changes to the login progress.

Take a look at man who.
Maybe you can uso who -l and check if there's a tty in use.

That's the thing, it shows ttys in use when I know they aren't. I physically logged out of them myself.

I don't think it is a "who" problem really, but more of a problem with "utmp" which is what is supposed to keep track of logged on users.

You didn't by any chance background a process
on those tty's?


Cheers,
Tink

No, at least, nothing I initiated.

For example, as a test, I just logged in to the machine on tty 1 - 3. I let them sit there for about a minute, then logged out of each one separately. I didn't run any commands on the consoles except "logout".

I run "who" on tty1, and I get: 2 users logged into tty1 (the previous login, plus the current one) and one user on tty2. Nothing on tty3, which illustrates the randomness of it.

I still don't have a fix for this problem, unfortunately.

I have checked everything I can think of, but I have yet to turn up anything.

I've been having the same problem. It is caused (at least in my situation) when a terminal emulator (gnome-terminal, rxvt) doesn't close down cleanly. I don't have a solution for this yet either, but the workaround I use is to not let those terminals update the utmp files.

That is calling rxvt with -ut, or modifying the gnome-terminal settings to disable it:

Edit Current Profile > Title and Command > Update login records

Each terminal program should have settings to disable this. That way they won't allocate a pts and (if you exit X before closing these terminals down) forget to deallocate it.

The only solution I can think of for this is to purge the utmp files somehow but I have no idea how that can be done.

Thanks to masand and his work at http://masand.sourceforge.net I was able to write a program to purge users that are 'suck' in the system to invalid pts. I don't know if the solution will work for your problem (and I don't take any liability since this is the first release) but here is the code for a small utility that will purge the utmp file of users on invalid lines.

Glad to see somebody else got this problem worked out.

I have read over the source, but I don't know enough about utmp to figure out what is considered an "invalid" line. Exactly what is the criteria that will cause this program to purge a user?

There are three conditions checked before a user is purged (marked as DEAD):

1. the user must be not currently marked as dead (still marked as alive on th system)

2. the user must have an entry in /etc/passwd (a valid user with a password)

3. the user must be on a line that doesn't exist.

The third condition simply means that the tty associated with the user login must still be active on the /dev filesystem. This only works for temporary lines given out (like pts in the case of gnome-terminal and rxvt), so if you have users stuck on a tty# this won't help them because even after a user with a tty# logs off the system, the /dev/tty# entry remains there.

If you want to test this I would recommend making a backup of your utmp file and running this to see if any users are purged or not, run `who` and `finger` afterward to see if the results are suitable, otherwise replace the utmp with the backup file.

Let me know, I may be able to tune this to your problem if it is no help.

Also, if you are worried about this automatic scanning and purging feature, I could add a command line option that only purges active users on the tty specified or something similar.

Yes, unfortunately, I have the users on ttys.

My first thought would be to modify the "line_exists" function, so that instead of checking for the /dev/ files, it checks the currently running processes to see if agetty is running on the tty that utmp claims the user is logged on to. Because, obviously, if agetty is running on that tty, then nobody is logged on to it.

There is probably a much more elegant way to do it, but that was my first idea. I'll have to look into it more.

That is good thinking, but as I was implementing it I was worried about people that may not use agetty or have agetty with a different process name, if they use the switch to kill based on the absence of agetty then it will remove everyone on all ttys.

I will dig a little further and see if there is another way to do that for ttys, but for now I implemented the -tty switch that lets you remove a specified user. The code is here, but be warned anyone that uses it, it will remove the user based on the tty you specify if it is valid (actually logged in) or not, so you could easily pick off logged in users with that switch.

Oh yeah, and like always, I would recommend making a backup of your utmp file first for testing. I've never actually had it damage my utmp file, but better safe than sorry.

I should probably add a feature that stores backups automatically.