HPE Community
Operating System - HP-UX
1834445 Members
2703 Online
110067 Solutions
New Discussion

Re: Logout users

 
SOLVED
Go to solution
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 09:55 AM

‎03-14-2006 09:55 AM

Logout users

This morning when I was going through my server I noticed that I had some users that had a session open from several days earlier. I contacted them and they said that they were not logged in at the time. I had them login and could see a new session started and then had them logout. Their new session went away but the one that was opened last week was still there. When I check the session it doesn’t show up as being used so I can’t kill it.

How do I get rid of these sessions other than rebooting my server?

HP-UX 11.0

Thanks for the help.

Jeff
0 Kudos
24 REPLIES 24
A. Clay Stephenson
Acclaimed Contributor

‎03-14-2006 10:00 AM

‎03-14-2006 10:00 AM

Re: Logout users

Are these telnet sessions, Oracle sessions, ... ? What command are you using to display them? In many cases, the solution to your problem is killing the parent process (unless it is PPID 1). This could simply be a artifact of whatever utility you are using to display these "sessions" and no process(es) acxtually exist.
If it ain't broke, I can fix that.
0 Kudos
Rajeev Shukla
Honored Contributor

‎03-14-2006 10:02 AM

‎03-14-2006 10:02 AM

Re: Logout users

Do you see those users in who -u listing?
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 10:03 AM

‎03-14-2006 10:03 AM

Re: Logout users

Sorry about the lack of information in the first page. I see these users when I do a "who" at the root prompt.

0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 10:04 AM

‎03-14-2006 10:04 AM

Re: Logout users

Yes, I do see them when I do a "who -u"
0 Kudos
Rajeev Shukla
Honored Contributor

‎03-14-2006 10:04 AM

‎03-14-2006 10:04 AM

Solution

Re: Logout users

then do a who -u and you will see the proccess ID associated with those users.
You can kill those PID if you are sure that this user is not logged in.
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 10:07 AM

‎03-14-2006 10:07 AM

Re: Logout users

I tried that the first time around. This is what I get:

hellickd pts/tN Feb 1 15:07 old 15012 172.16.6.77
root: /home/root ==> kill 15012
kill: 15012: The specified process does not exist.
root: /home/root ==> who -u
0 Kudos
Rajeev Shukla
Honored Contributor

‎03-14-2006 10:13 AM

‎03-14-2006 10:13 AM

Re: Logout users

You could try killing the parent process if it is not 1 by grep ing..
ps -ef|grep 15012
this will list that user and the parent process..
Try killing that.
If you have lsof installed try seeing the files open by the process

lsof -p 15012
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎03-14-2006 10:17 AM

‎03-14-2006 10:17 AM

Re: Logout users

This is actually an artifact of a corrupt/inaccurate utmp (or wtmp) file and is often caused by users (especially PC users) not cleanly exiting. The processes no longer exist.

One approach would be to use the fwtmp utility to clean up utmp by reading it out in ASCII format, removing the errant entries, and writing it back in binary format. Man fwtmp for details.

A good trick is to send a kill -0 PID to a process. If ${?} is set to 0 then process still exists otherwise, it's bogus.

I suspect that the real answer to this problem is to better educate your users on proper exit procedures.
If it ain't broke, I can fix that.
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 10:46 AM

‎03-14-2006 10:46 AM

Re: Logout users

I dont have lsof so that isnt an option. I did a man on fwtmp so i could read up on it. My question is how do I use it?

Is this correct?

/usr/sbin/acct/fwtmp -i wtmp

0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-14-2006 11:29 AM

‎03-14-2006 11:29 AM

Re: Logout users

After some websurfing I found some information on how to use fwtmp. This is what I did.

root: / ==> /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file

I looked at the dummy.file but could not find anything that matched the date of the session that was having problems.

Is there something that I am missing?
0 Kudos
Muthukumar_5
Honored Contributor

‎03-14-2006 03:22 PM

‎03-14-2006 03:22 PM

Re: Logout users

For killing un-needed sessions then,

# who -Hu

will give username, pid, time and idle informations. With that you can kill the PID from root user.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Muthukumar_5
Honored Contributor

‎03-14-2006 03:23 PM

‎03-14-2006 03:23 PM

Re: Logout users

To get user login details then,

# last -R

will give it using /var/adm/wtmp file.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Senthil Kumar .A_1
Honored Contributor

‎03-14-2006 04:09 PM

‎03-14-2006 04:09 PM

Re: Logout users

Hi,

Lets say, u are seeing the sessions of user1. As a root do the following procedure to make the kill those sessions.

# who -u
# su - user1
$ kill -9 -1
# who -u

Note: Doing this will kill even the active session of the user1. In that case, u need to ask the user1 to logout for a while and not launch any program. I do agree with Clay's point aswell, about educating your user community about clean logouts.

Regards,
Senthil Kumar .A
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Sivakumar TS
Honored Contributor

‎03-14-2006 04:28 PM

‎03-14-2006 04:28 PM

Re: Logout users


Hi Jeff,

# who -u

will display username, pid, time and idle informations.

get the pid of the MOST idle user.

use

#kill -9

this will clear the login.

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-15-2006 04:24 AM

‎03-15-2006 04:24 AM

Re: Logout users

Muthukumar,

I tried the â who â Huâ and received the following results:

root: / ==> who -Hu
NAME LINE TIME IDLE PID COMMENTS
hellickd pts/tN Feb 1 15:07 old 15012 172.16.6.77
root: / ==> kill 15012
kill: 15012: The specified process does not exist.
root: / ==> kill -9 15012
kill: 15012: The specified process does not exist.


Then I tried the â last â Râ command and received the following error:

root: / ==> last -R
Memory fault(coredump)
root: / ==>


Senthil,

To do the steps you gave me I will need to change the userâ s password so I can login as them. This is going to take some time and will let you know what happens.


Sivakumar,

I have been trying to kill a user that has been out there for over a month. As you can see by the information in this section I can not kill the session because it doesnâ t exist even though it does exist.


Thanks.
0 Kudos
Carlos Roberto Schimidt
Regular Advisor

‎03-15-2006 04:28 AM

‎03-15-2006 04:28 AM

Re: Logout users

When you have file /var/adm/wtmp too big or corrupted, is possible receive this error message for command "last -R".

If you can:

# cp /dev/null /var/adm/wtmp

0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎03-15-2006 04:33 AM

‎03-15-2006 04:33 AM

Re: Logout users

All of these who commands assume the utmp (wtmp,wtmptx) data are correct and they are not. You can't kill a process that doesn't exist and that is your fundamental problem. The solution is to cleanup the utmp files. I would read out the utmp files using fwtmp and then use awk or Perl to extract the PID's. Next send a kill -0 PID

kill -0 ${THISPID}
STAT=${?}
if [[ ${STAT} -ne 0 ]]
then
this is a dead process; don't restore this line when you rewrite utmp
else
this is a good pid; restore this line when you rewrite utmp
fi


If it ain't broke, I can fix that.
0 Kudos
Victor BERRIDGE
Honored Contributor

‎03-15-2006 04:50 AM

‎03-15-2006 04:50 AM

Re: Logout users

Hi Jeff,
Still looking?
What type of hpux 11.00 ? (PaRisc 1 or 2)
I remembered compiling a tool
If you are interested I will look for it

All the best
Victor
0 Kudos
Victor BERRIDGE
Honored Contributor

‎03-15-2006 05:23 AM

‎03-15-2006 05:23 AM

Re: Logout users

Compiled on a Kclass 11.00

Looking for the source but unlucky for now
Give it a try - I dont know if it works (used to) because I cant recreate your situation to test, I hope it is what I think (because of its name... fixutmp)
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-15-2006 05:57 AM

‎03-15-2006 05:57 AM

Re: Logout users

This is what I just did to see if I could get rid of the user session. I made a copy of the file so I could edit it.

root: /etc ==> /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file

root: / ==> vi dummy.file

I found the user by doing a search on the PID and deleted both instances and saved the file.

root: / ==> /usr/sbin/acct/fwtmp -ac < dummy.file > /var/adm/wtmp


After this I did a who â u and see that the user is still there. Is there something else that I need to do now?


0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎03-15-2006 06:36 AM

‎03-15-2006 06:36 AM

Re: Logout users

You need to do your fwtmp stuff on /etc/utmp.
If it ain't broke, I can fix that.
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-15-2006 06:57 AM

‎03-15-2006 06:57 AM

Re: Logout users

Clay,

This is what I did:

root: / ==> /usr/sbin/acct/fwtmp < /etc/utmp > dummy.file

Then I located the user and deleted the line from the dummy.file. Then I did this:

root: / ==> /usr/sbin/acct/fwtmp -ac < dummy.file > /etc/utmp


Now when I do a who I get nothing so I logged out and back in and see my sessions. Will the rest of the sessions show up as userâ s login? I would have thought I would have only deleted the one user and the rest of them would have still been there.

0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-15-2006 07:01 AM

‎03-15-2006 07:01 AM

Re: Logout users

I caught my problem with the -ac and redid it with the -ic and it looks correct with the ghost user not there now.

Thanks for the help.

I now have to go back and assign some points to everyone.
0 Kudos
Jeffrey F. Goldsmith
Super Advisor

‎03-17-2006 11:17 AM

‎03-17-2006 11:17 AM

Re: Logout users

With the help of everyone I was able to remove the ghost users on my server.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.