killing login session

 
Shivkumar
Super Advisor

killing login session

Dear Sirs,

When I executed the who command, I saw user sksonkar (myself) logged in many times. When I used the grep command, I saw only a few sessions.

Please see the output of both commands below:

#who
sksonkar pts/1 Dec 22 13:19
sksonkar ttyp4 Dec 24 13:50
sksonkar ttyp6 Dec 24 22:23
sksonkar ttyq7 Sep 26 11:15
sksonkar ttyq8 Sep 17 13:10
sksonkar ttyqa Sep 17 14:00
sksonkar ttyqf Sep 26 19:51
sksonkar ttyr0 Sep 26 20:15
sksonkar ttyr1 Sep 30 18:20
sksonkar ttyr2 Sep 28 21:32
sksonkar ttyr5 Oct 6 21:17
sksonkar ttyr7 Oct 6 22:14
sksonkar ttyr9 Oct 23 09:57
sksonkar ttyrd Nov 20 19:39
#
# ps -ef|grep sksonkar
root 9295 8880 2 22:24:57 ttypa 0:00 grep sksonkar
sksonkar 8863 8862 0 22:23:16 ttyp6 0:00 -ksh
sksonkar 8862 1 6 22:23:12 ? 0:00 /usr/bin/X11/xterm -fn 6x13 -sb -ls -display xx.xx.xx.xx
sksonkar 13792 13791 0 13:50:24 ttyp4 0:00 -ksh
sksonkar 13791 1 0 13:50:21 ? 0:00 /usr/bin/X11/xterm -fn 6x13 -sb -ls -display xx.xx.xx.xx
sksonkar 8878 8863 7 22:23:31 ttyp6 0:00 pbrun ksh
#

Please suggest how to kill the sessions shown by the "who" command.

Thanks,
Shiv
19 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: killing login session

Shalom Shiv,

who -l includes a process id

That might now work.

Based on your own output

ps -ef | grep sksonkar | awk '{print $2}' > plist


# kill each PID listed in plist
while read -r pid
do
kill "${pid}"
done < plist

There are several variants of the who command that might be useful because they display the process ID, as noted above. They are on the man page and might prove useful in getting rid of these sessions.

Frankly, when killing processes, I prefer that a human being is involved.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Henk Geurts
Esteemed Contributor

Re: killing login session

hi Shiv.
seems like your wtmp file is corrupted ...
read the following link
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=265607
and follow Robert-Jan 's suggestion....

regards.

[Moderator edit: The above link is no longer valid.]

Shivkumar
Super Advisor

Re: killing login session

Hi Steven, The command "$who -l" didn't give me any output or result.

Below is the screenshot:

$ who -l
$

James R. Ferguson
Acclaimed Contributor

Re: killing login session

Hi Shiv:

# who -u

...lists (u)sers who are logged in. Adding '-R' as in 'who -uR' adds the hostname to the information returned.

# who -l ...

...lists only the lines on which logins are waiting to occur.

As noted, there are times when the '/etc/utmp' or '/var/adm/wtmp' files are corrupted and you will sense that someone has never terminated a login session when in reality it has been. More frequently, a simple 'ps' will expose orphaned sessions which can safely be killed ('kill -hup '). Usually these arise from an ungraceful termination of a telnet session (e.g. by rebooting a PC hosting the telnet session).

Regards!

...JRF...
Bill Hassell
Honored Contributor

Re: killing login session

The ps command is extremely powerful and most options are never used. To find all processes owned by a specific user, don't use grep, use ps -u as in:

ps -f -u sksonkar

ps is always accurate as it reads the process table. who is dependent on the /etc/utmp file which can easily be corrupted with improper logouts. Since I see xterm processes, it appears that you may be using a PC with an Xterminal emulator. PCs have a tendency to crash a lot which means that the xterm windows (and associated logins) did not close properly. Since who determines whether a user has a session by looking in utmp, these crashed sessions appear to still exist.

Only ps is correct. If all you are using are xterm windows, you will find a performance improvement by using a plain terminal emulator rather than Xwindows. And in addition, the simple telnet protocol is less susceptible to bad entries in utmp.


Bill Hassell, sysadmin
Arunvijai_4
Honored Contributor

Re: killing login session

Hi Shiv, Try # who -T, which will give the IP addresses of the users connected. It seems like you have a lot of defunct processes running? # ps -ef |grep -i "defunct" will list the defunct processes.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Yogeeraj_1
Honored Contributor

Re: killing login session

hi,

I would first trim my wtmp and btmp, then run "who -u" to identify the PID that I want to kill!

e.g.

# who -u |grep sksonkar
sksonkar pts/ta Dec 26 08:47 0:03 15578 t1
sksonkar pts/tb Dec 26 08:00 0:05 10501 t1
sksonkar pts/tc Dec 26 08:00 0:03 10554 t1
sksonkar pts/td Dec 26 08:29 0:24 13797 t1
sksonkar pts/te Dec 26 08:50 0:01 15767 t1
sksonkar pts/tf Dec 26 08:34 0:18 14376 t1
sksonkar pts/th Dec 26 08:37 0:07 14654 t1
sksonkar pts/ti Dec 26 08:52 0:01 16140 t1
sksonkar pts/tk Dec 26 08:55 . 16374 t1
# kill -15 15578 10501 10554 13797 15767 14376 14654 14654 16140 16374

hope this helps!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Muthukumar_5
Honored Contributor

Re: killing login session

Do you want to kill all the sessions opened by sksonkar then,

# who -u | awk '/sksonkar/ { print $7; }' | xargs kill -9

-Muthu
Easy to suggest when don't know about the problem!
Arunvijai_4
Honored Contributor

Re: killing login session

To kill defunct processes for a user, you can use this script

kill -9 `ps -ef|grep $LOGNAME|grep -v grep|grep defunct|awk '{print $2}'`

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Shivkumar
Super Advisor

Re: killing login session

Respected Sirs,

Thanks everyone for your help.

One thing is not clear. As shown in my post above, the who command shows more sessions, but ps -ef|grep sksonkar shows fewer sessions.
Using the kill command, I can kill only those sessions which are visible using the ps -ef|grep sksonkar command.

What is the easiest way to clean up all the sessions which show up using the who or who -u|grep sksonkar command?

Thanks,
Shiv
Cem Tugrul
Esteemed Contributor

Re: killing login session

Hi Shiv,

the use of xargs with the kill command

to kill off all processes associated with "ptc":

ps -ef | grep ptc | awk '{print $2 }' | xargs kill -9

to kill off all processes associated with "oli":

ps -ef | grep oli | awk '{print $2 }' | xargs kill -9

to kill off all processes associated with "etscape":

ps -ef | grep etscape | awk '{print $2 }' | xargs kill -9

Good Luck,
Our greatest duty in this life is to help others. And please, if you can't
Yogeeraj_1
Honored Contributor

Re: killing login session

hi again,

if you see man who:


The who command can list the user's name, terminal line, login time, elapsed time since input activity occurred on the line, the user's host name, and the process-ID of the command interpreter (shell) for each current system user. It examines the /etc/utmp file to obtain its information. If file is given, that file is examined. Usually, file is /var/adm/wtmp, which contains a history of all of the logins since the file was last created.



so you should start with trimming the /etc/utmp file...

hope this helps!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Arunvijai_4
Honored Contributor

Re: killing login session

Hi Shiv, Have a look at this thread,

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=574109

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Bill Hassell
Honored Contributor

Re: killing login session

The simplest method is to reboot and the /etc/utmp file will be rebuilt. This file is binary so direct editing with vi is not possible. The fwtmp program can decode and re-encode the utmp file but it is quite obtuse in usage. It requires creating an ASCII version of the file, then manually editing this file, and replacing /etc/utmp with the result. If not done correctly, utmp may become totally corrupted or empty and utilities (like who) will no longer work.


Bill Hassell, sysadmin
Arturo Galbiati
Esteemed Contributor

Re: killing login session

Hi,
who -Hu|awk '/sksonkar/ {print "kill " $7}'|sh

This command will kill all the PIDs shown by the who command for user sksonkar.
HTH,
Art
John Jimenez
Super Advisor

Re: killing login session

Bill is right. A couple of times I have run into one or two of these users showing up in who but cannot grep it. Let's take one of the ones that are not showing up, let's say for instance
sksonkar ttyqf Sep 26 19:51

What happens when you try to grep ttyqf?
ps -ef | grep ttyqf

If nothing shows up, like Bill said you are going to have to reboot and it will clear it up.

Like I said, I have only seen this twice. These 2 occasions happened within a couple of months of each other, but with different, separate users, not myself, and not so many of them like you. I was never able to figure out what happened, only that it has stopped. On your system, you are the one with issues; I am curious to see if you can figure out how it happens.

Hustle Makes things happen
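
The who-versus-ps comparison described in the replies above, as an added example that is not part of any poster's reply: a shell function that lists the ttys `who` reports for a user on which `ps -ef` shows no process owned by that user, i.e. the stale utmp entries. The sample data is the original post's output (shortened) plus one constructed `ps` line with a date-style STIME; the name `stale_ttys` is made up for this example.

```shell
#!/bin/sh
# Added example: find utmp entries (who) that have no matching process (ps).

# From the original post's `who` output, shortened.
WHO_SAMPLE='sksonkar pts/1 Dec 22 13:19
sksonkar ttyp4 Dec 24 13:50
sksonkar ttyp6 Dec 24 22:23
sksonkar ttyq7 Sep 26 11:15
sksonkar ttyqf Sep 26 19:51'

# From the original post's `ps -ef` output; the last line is constructed
# to show a process started on an earlier day (STIME is then "Mon DD").
PS_SAMPLE='root 9295 8880 2 22:24:57 ttypa 0:00 grep sksonkar
sksonkar 8863 8862 0 22:23:16 ttyp6 0:00 -ksh
sksonkar 8862 1 6 22:23:12 ? 0:00 /usr/bin/X11/xterm -fn 6x13 -sb -ls
sksonkar 13792 13791 0 13:50:24 ttyp4 0:00 -ksh
sksonkar 8878 8863 7 22:23:31 ttyp6 0:00 pbrun ksh
sksonkar 4021 1 0 Dec 22 pts/1 0:00 -ksh'

# stale_ttys USER WHO_TEXT PS_TEXT  (hypothetical helper name)
# Prints each tty that who lists for USER but on which USER owns no process.
stale_ttys() {
    printf '%s\n---\n%s\n' "$3" "$2" | awk -v user="$1" '
        $0 == "---" { in_who = 1; next }      # separator: ps lines end here
        !in_who {                             # ps -ef line
            if ($1 == user) {
                # TTY is field 6, or field 7 when STIME is two words
                tty = ($5 ~ /^[A-Z][a-z][a-z]$/) ? $7 : $6
                if (tty != "?") live[tty] = 1
            }
            next
        }
        $1 == user && !($2 in live) { print $2 }   # who line with no process
    '
}

# Run against the samples; on a live system pass "$(who)" and "$(ps -ef)".
stale_ttys sksonkar "$WHO_SAMPLE" "$PS_SAMPLE"
```

Matching on the owner field rather than grepping the whole line keeps root's own `grep sksonkar` process out of the result. The ttys it prints have no process to kill; they are the leftover /etc/utmp entries the replies describe.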
Shivkumar
Super Advisor

Re: killing login session

Thanks Bill!! I respect many Unix gurus like you on this forum.

After joining this forum I came to know how little Unix I know.

Regards,
Shiv
CV REDDY
New Member

Re: killing login session

Hi Shiv,
I want to take an HP-UX m/c archive to store on a network PC using net_recover, pls give me some description on that.