topic Re: killing login session in Operating System - HP-UX

killing login session

Shivkumar — Sun, 25 Dec 2005 01:35:54 GMT

Dear Sirs,

When i executed who command;i saw many user sksonkar (myself) logged in. When i used grep command i saw few session only.

Please see the output of both the command as shown below:-

#who
sksonkar pts/1 Dec 22 13:19
sksonkar ttyp4 Dec 24 13:50
sksonkar ttyp6 Dec 24 22:23
sksonkar ttyq7 Sep 26 11:15
sksonkar ttyq8 Sep 17 13:10
sksonkar ttyqa Sep 17 14:00
sksonkar ttyqf Sep 26 19:51
sksonkar ttyr0 Sep 26 20:15
sksonkar ttyr1 Sep 30 18:20
sksonkar ttyr2 Sep 28 21:32
sksonkar ttyr5 Oct 6 21:17
sksonkar ttyr7 Oct 6 22:14
sksonkar ttyr9 Oct 23 09:57
sksonkar ttyrd Nov 20 19:39
#
# ps -ef|grep sksonkar
root 9295 8880 2 22:24:57 ttypa 0:00 grep sksonkar
sksonkar 8863 8862 0 22:23:16 ttyp6 0:00 -ksh
sksonkar 8862 1 6 22:23:12 ? 0:00 /usr/bin/X11/xterm -fn 6x13 -sb -ls -display xx.xx.xx.xx
sksonkar 13792 13791 0 13:50:24 ttyp4 0:00 -ksh
sksonkar 13791 1 0 13:50:21 ? 0:00 /usr/bin/X11/xterm -fn 6x13 -sb -ls -display xx.xx.xx.xx
sksonkar 8878 8863 7 22:23:31 ttyp6 0:00 pbrun ksh
#

Please suggest how to kill these sessions shown by "who" command ?

Thanks,
Shiv

Re: killing login session

Steven E. Protter — Sun, 25 Dec 2005 03:16:01 GMT

Shalom Shiv,

who -l includes a process id

That might now work.

Based on your own output

ps -ef | grep sksonkar | awk '{print $2}' > plist

while read -r pid
do
kill ${pid)
done < plist

There are several variants of the who command that might be useful becaus they display process ID as noted above. They are on the man page and might prove useful in getting rid of these sessions.

Frankly when kiling processes, I prefer a human being is involved.

SEP

Re: killing login session

Henk Geurts — Wed, 27 Mar 2024 07:19:43 GMT

hi Shiv.
seems like your wtmp file is corrupted ...
read the following link
~~http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=265607~~
and follow Robert-Jan 's suggestion....

regards.

[Moderator edit: The above link is no longer valid.]

Re: killing login session

Shivkumar — Sun, 25 Dec 2005 19:01:22 GMT

Hi Steven, The command "$who -l" didn't give me any output or result.

below is the screenshots:-

$ who -l
$

Re: killing login session

James R. Ferguson — Sun, 25 Dec 2005 19:57:57 GMT

Hi Shiv:

# who -u

...lists (u)sers who are logged in. Adding '-R' as in 'who -uR' adds the hostname to the information returned.

# who -l ...

...lists only the lines on which logins are waiting to occur.

As noted, there are times when the 'etc/utmp' or 'var/adm/wtmp' files are corrupted and you will sense that someone has never terminated a login session when in reality it has been. More frequently, a simple 'ps' will expose orphaned sessions which can safely be killed ('kill -hup '). Uusally these arise from an ungraceful termination of a telnet session (e.g. by rebooting a PC hosting the telnet session).

Regards!

...JRF...

Re: killing login session

Bill Hassell — Sun, 25 Dec 2005 22:12:08 GMT

The ps command is extremely powerful and most options are never used. To find all processes owned by a specific user, don't use grep, use ps -u as in:

ps -f -u sksonkar

ps is always accurate as it reads the process table. who is dependent on the /etc/utmp file which can easily be corrupted with improper logouts. Since I see xterm processes, it appears that you may be using a PC with an Xterminal emulator. PCs have a tendency to crash a lot which means that the xterm windows (and associated logins) did not close properly. Since who determines whether a user has a session by looking in utmp, these crashed sessions appear to still exist.

Only ps is correct. If all you are using are xterm windows, you will find a performance improvement by using a plain terminal emulator rather than Xwindows. And in addition, the simple telnet protocol is less susceptible to bad entries in utmp.

Re: killing login session

Arunvijai_4 — Sun, 25 Dec 2005 22:22:00 GMT

Hi Shiv, Try with # who -T which will give IP addresses of the user's connected. It seems like you have lot of defunct processes running ? # ps -ef |grep -i "defunct" will list the defunct processes.

-Arun

Re: killing login session

Yogeeraj_1 — Sun, 25 Dec 2005 23:55:43 GMT

hi,

i would first trim my wtmp and btmp then run the "who -u" to identify the PID that i want to kill!

e.g.

# who -u |grep sksonkar
sksonkar pts/ta Dec 26 08:47 0:03 15578 t1
sksonkar pts/tb Dec 26 08:00 0:05 10501 t1
sksonkar pts/tc Dec 26 08:00 0:03 10554 t1
sksonkar pts/td Dec 26 08:29 0:24 13797 t1
sksonkar pts/te Dec 26 08:50 0:01 15767 t1
sksonkar pts/tf Dec 26 08:34 0:18 14376 t1
sksonkar pts/th Dec 26 08:37 0:07 14654 t1
sksonkar pts/ti Dec 26 08:52 0:01 16140 t1
sksonkar pts/tk Dec 26 08:55 . 16374 t1
# kill -15 15578 10501 10554 13797 15767 14376 14654 14654 16140 16374

hope this helps!

kidn regards
yogeeraj

Re: killing login session

Yogeeraj_1 — Sun, 25 Dec 2005 23:57:19 GMT

Re: killing login session

Muthukumar_5 — Mon, 26 Dec 2005 00:21:14 GMT

Do you want to kill all the sessions opened by sksonkar then,

# who -u | awk '/sksonkar/ { print $7; }' | xargs kill -9

-Muthu

Re: killing login session

Arunvijai_4 — Mon, 26 Dec 2005 01:27:44 GMT

To kill defunt processes for a user, you can use this script

kill -9 `ps -ef|grep $LOGNAME|grep -v grep| defunct|awk '{print $2}'`

-Arun

Re: killing login session

Shivkumar — Mon, 26 Dec 2005 02:11:35 GMT

Respected Sirs,

Thanks everyone for your help.

One thing is not clear. As shown in my post above, who command shows more sessions but ps -ef|grep sksonkar shows fewer sessions.
Using kill command i can kill only those sessions who are visible using ps -ef|grep sksonkar command.

What is the easiest way to clean all the sessions which are showing up using who or who -u|grep sksonkar command ?

Thanks,
Shiv

Re: killing login session

Cem Tugrul — Mon, 26 Dec 2005 02:17:41 GMT

Hi Shiv,

the use of xargs with the kill command

to kill off all processes associated with "ptc":

ps -ef | grep ptc | xargs kill -9 `awk '{print $2 }'`

to kill off all processes associated with "oli":

ps -ef | grep oli | xargs kill -9 `awk '{print $2 }'`

to kill off all processes associated with "etscape":

ps -ef | grep etscape | xargs kill -9 `awk '{print $2 }'`

Good Luck,

Re: killing login session

Yogeeraj_1 — Mon, 26 Dec 2005 02:19:29 GMT

hi again,

if you see man who:

The who command can list the user's name, terminal line, login time, elapsed time since input activity occurred on the line, the user's host name, and the process-ID of the command interpreter (shell) for each current system user. It examines the /etc/utmp file to obtain its information. If file is given, that file is examined. Usually, file is /var/adm/wtmp, which contains a history of all of the logins since the file was last created.

so you should start with trimming the /etc/utmp file...

hope this helps!

kind regards
yogeeraj

Re: killing login session

Arunvijai_4 — Mon, 26 Dec 2005 04:15:05 GMT

Hi Shiv, Have a look at this thread,

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=574109

-Arun

Re: killing login session

Bill Hassell — Mon, 26 Dec 2005 06:59:00 GMT

The simplest method is to reboot and the /etc/utmp file will be rebuilt. This file is binary so direct editing with vi is not possible. The fwttmp program can decode and re-encode the utmp file but it is quite obtuse in usage. It requires creating an ASCII version of the file, then manually editing this file, and replacing /etc/utmp with the result. If not done correctly, utmp may become totally corrupted or empty and utiloities (like who) will no longer work.

Re: killing login session

Arturo Galbiati — Tue, 27 Dec 2005 04:02:00 GMT

Hi,
who -Hu|awk '/sksonkar/ {print "kill " $7}'|sh

This command will kill all the pid showed by who command for user sksonkar.
HTH,
Art

Re: killing login session

John Jimenez — Tue, 27 Dec 2005 16:53:19 GMT

Bill is right. A couple of times I have ran into 1 or two of these users showing up in who but cannot grep it. Lets take of of the ones that are not showing up, lets say for instance
sksonkar ttyqf Sep 26 19:51

What happens when you try to grep ttyqf?
ps -ef | grep ttyqf

If nothing shows up, like Bill said you are going to have to reboot and it will clear it up.

Like I said I have only seen this twice. These 2 occasions happened within on a couple of months apart, but with different seperate users and not myself and not so many of them like you. I was never able to figrue out what happened, only that it has stopped. On your system, you are the one with issues, I am curious to see if you can figure how happens

Re: killing login session

Shivkumar — Tue, 27 Dec 2005 18:38:39 GMT

Thanks Bill!! I respect many Unix gurus like you on this forum.

After joining this forum i came to know how little unix i know.

Regards,
Shiv

Re: killing login session

CV REDDY — Fri, 06 Jan 2006 04:51:53 GMT

Hi Shiv,
i want to take hp ux m/c archive to store in network pc using net_recover , pls give me some description on that.