- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Last Command
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:24 AM
05-31-2002 06:24 AM
Last Command
I have a problem with the "last" command. The command reports for some users and for some other users it just says "wtmp begins Mon Nov 5 20:07". Some of these users are connecting via PC thru xemulator. will that be an issue.
Thanks
Joe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:30 AM
05-31-2002 06:30 AM
Re: Last Command
'last' is announcing the date at which the file 'var/adm/wtmp' was last initialized (created, or emptied).
If you do 'last auser' and there is no match found for "auser", then 'last' behaves as you noted. Either "auser" isn't valid (no check is made), or "auser" *is* a valid account but one that just hasn't logged on since the initialization of the file.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:32 AM
05-31-2002 06:32 AM
Re: Last Command
I dont think is differntiates between these users , it will log in any user logging into the system whether from PC etc , may be you will like to read this in case you find that ther is some problem.
You can use the fwtmp command to manipulate the wtmp file.
For example, initially convert the wtmp file to an ASCII file:
cat /var/adm/wtmp | /usr/sbin/acct/fwtmp > /tmp/wtmp.ascii
Edit the /tmp/wtmp.ascii entry using your favourite editor.
Convert the ASCII file back to binary:
cat /tmp/wtmp.ascii | /usr/sbin/acct/fwtmp > /var/adm/wtmp"
Manoj Srivastava
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:36 AM
05-31-2002 06:36 AM
Re: Last Command
We are currently setting-up an L2000, and as part of the conversion process have created a limited /etc/passwd file to keep people out of the system while we copy files over the network. The new /etc/passwd file was created only with 660 permissions, and consequently "whoami" when run as other than root now returns the message "Intruder alert.", so check your permissions on /etc/passwd as well.
Also, keep in mind that users running applications that only create socket connections will not show in the "last" display, as they really don't log in.
HTH
mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:37 AM
05-31-2002 06:37 AM
Re: Last Command
what i find here is i am able to use last command for all users who have come thru a shell. for users who come from the pc(not thru telnet but xemulator) the last command reports as though that user was never there. the login process is taken care by the xemulator and there is no shell for the users(coming from pc) as they are directly put inside the xmotif application. Any thoughts??
Thanks
Joe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:41 AM
05-31-2002 06:41 AM
Re: Last Command
Cheers!
Cheryl
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:46 AM
05-31-2002 06:46 AM
Re: Last Command
What emulator? We use WRQ Reflections and last works fine for me.
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:47 AM
05-31-2002 06:47 AM
Re: Last Command
if you use
users
or
w
Do you see these users
last -R|grep still can also be interesting.
Maybe someone cleaned out the users withh accounting.
Ask one to log out and back in.Then check for user.
steve Steel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:48 AM
05-31-2002 06:48 AM
Re: Last Command
I think JRF hit the nail on the head. Either the user is non-existant or has not logged in.
For what it's worth,
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 06:56 AM
05-31-2002 06:56 AM
Re: Last Command
if i do last username it shows
wtmp begins Mon Nov 5 20:07
and if i do w|grep username
then i get
username pcremote 12:00pm
i think my xemulator(citrix) does not log onto wtmp but since the w works fine may be updates the utmp. Is my assumption correct?
Thanks
Joe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:01 AM
05-31-2002 07:01 AM
Re: Last Command
1) The 'w' command is actually using the command 'uptime' for getting it's results.
2) Check whether 'who' command report the correct data, while this takes output from wtmp file.
3) I believe that your xemulator software is not putting the entries in wtmp.
4) Make use of fwtmp command too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:13 AM
05-31-2002 07:13 AM
Re: Last Command
If i do a who|grep username i am able to find 2 entries fro that particular user.
who|grep chris
chris pcremote May 28 12:00
chris pcremote May 29 10:17
and if i do ps -ef |grep chris gives me 21 processes for both May 28 and 29.
but if i do a w|grep chris
chris pcremote 12:00pm 2 -
chris pcremote 10:17am 2 -
can anyone tell what is going on?
Thanks
Joe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:29 AM
05-31-2002 07:29 AM
Re: Last Command
Update your patch level with the latest patches. That may solve your issues. If you are using version 10.20, then install this patch:
PHCO_8915 - s700_800 10.01-[12]0 last(1) cumulative patch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:30 AM
05-31-2002 07:30 AM
Re: Last Command
We are using 11.0 and the march 2002 patch bundle has been installed.
Thanks
Joe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:41 AM
05-31-2002 07:41 AM
Re: Last Command
Jame's answer is 100 % correct in that the file start time is based upon your last reboot (Starts at) and the wtmp begins is telling you that the user has not logged in since the start of the wtmp.
Paula
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 07:46 AM
05-31-2002 07:46 AM
Re: Last Command
This user has logged in on 28th and 29th and he still has that processes left hanging in there.
Thanks
Joe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 08:36 AM
05-31-2002 08:36 AM
Re: Last Command
The answer to your original question is yes, there is an issue with last and X session users.
X sessions don't get logged in wtmp in the same way as normal character logins (see comment from Cheryl above).
Have a look at the man pages for last, login and wtmp.
Regards,
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 11:06 AM
05-31-2002 11:06 AM
Re: Last Command
Here's some more information that may help you. Cheryl's comments are the seed.
If you make connection with another server using 'remsh', no update of /var/adm/wtmp occurs. This is because 'remsh' isn't considered a "login".
However, it turns out that if no command is specified with 'remsh', then 'remsh' treats this as an 'rlogin' and an entry *is* made in /var/adm/wtmp. TO see this behavior, compare:
# remsh somehost -n hostname
...versue:
# remsh somehost #...this becomes a 'rlogin'
In the first case, no entry is recorded in /var/adm/wtmp (for 'last'). In the second, there is a record.
BTW, use 'last -R
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 12:15 PM
05-31-2002 12:15 PM
Re: Last Command
Thanks. But as i said earlier last -R is not working and behaving as though the user never existed. So i guess i have to go the xemulator's code. Now is there some serious problem if wtmp is not updated in a login?
Thanks
Joe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2002 12:44 PM
05-31-2002 12:44 PM
Re: Last Command
In answer to your last question, the accounting of login information in '/var/adm/wtmp' (and bad logins in '/var/adm/btmp') is purely discretionary. If you don't care about capturing the information, remove the file(s). This turns off logging in the first place. To re-enable it, create an empty file with 'touch' or 'cat /dev/nul > ...'.
My suggestion to use the '-R' option of 'last' was to be more demonstrative if you perform the 'remsh' exercise I suggested.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2002 05:57 AM
06-01-2002 05:57 AM
Re: Last Command
you might want to use the X-Windows resource "*loginShell: true" for all those PC-based X-sessions, as then every terminal window will create an entry in "wtmp"...
To do this simply add the following line to the file ".Xdefaults" in the user's HOME-directory:
*loginShell: true
Be careful about the speeling - upper and lower case are important!
HTH,
Wodisch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2002 06:15 AM
06-03-2002 06:15 AM
Re: Last Command
I tried in .Xdefaults *loginShell:true and it is not updating wtmp still. Any thoughts..
Joe.