HPE Community
Operating System - HP-UX
1837777 Members
3410 Online
110119 Solutions
New Discussion

lost user

 
SOLVED
Go to solution
Jeff Hagstrom
Regular Advisor

‎09-24-2001 10:32 AM

‎09-24-2001 10:32 AM

lost user

I have a user-id that I cannot find by using
"ps -fu login" or "ps -ef|grep login". However, in my user start-up script there is a command "who | grep -v "`who am i`" | grep $LOGNAME " that is finding the user. I did a "who -u|grep login" which gives me the process ID, but when I try to kill it, it doesn't find anything to kill.
0 Kudos
Reply
7 REPLIES 7
Santosh Nair_1
Honored Contributor

‎09-24-2001 10:41 AM

‎09-24-2001 10:41 AM

Re: lost user

Could this user be one that's used to run some application/script at startup, i.e. using su - $USER -c ? Check /var/adm/sulog and also check the last -R $USER command to see where the user logged in from.

Hope this helps.

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
Santosh Nair_1
Honored Contributor

‎09-24-2001 10:43 AM

‎09-24-2001 10:43 AM

Re: lost user

Also, why are you ps -fu and grepping for login? The login process is a tempory one which exec the users' shell, so it never stays around for very long.

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
someone_4
Honored Contributor

‎09-24-2001 10:45 AM

‎09-24-2001 10:45 AM

Re: lost user

what does
#who -l
or
#who -u
give you?
who if you
#who a
you will get a doesn't exist or isn't readable
Usage: who [-rbtpludAasHTqRm] [am i] [utmp_like_file]

r run level
b boot time
t time changes
p processes other than getty or users
l login processes
u useful information
d dead processes
A accounting information
a all (rbtpludA options)
s short form of who (no time since last output or pid)
H print header
T status of tty (+ writable, - not writable, x exclusive open, ? hung)
q quick who
R print host name

Here you get all the options for who.
Hope this helps

Richard
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎09-24-2001 10:46 AM

‎09-24-2001 10:46 AM

Re: lost user

Hi Jeff:

From the syntax you present, I suspect that you have 'su'ed to another user and as that user are seeking to kill the process that existed before the 'su'. If you are not 'root' then you can't kill another user's process (task).

Regards!

...JRF...
0 Kudos
Reply
Bernie Vande Griend
Respected Contributor

‎09-24-2001 10:46 AM

‎09-24-2001 10:46 AM

Re: lost user

Santosh, I think he is just doing that within the user login process. (user's .profile maybe)

It does seem like the user was just briefly logged in. I'd also take a look at:
last -R | grep login_name
This will tell you how long the user was on the system, when, and also what IP they came from. If it was a script of some kind like Santosh said, it probably won't have an IP associated with it.
Ye who thinks he has a lot to say, probably shouldn't.
0 Kudos
Reply
Sachin Patel
Honored Contributor

‎09-24-2001 10:51 AM

‎09-24-2001 10:51 AM

Solution

Re: lost user

Hi Jeff,
"who" gets its information from /etc/utmp and /var/adm/wtmp. Sometimes when user logs out by unusual way and utmp still has that entry then you can't kill that PID because that PID is not exits but entry is still there in /etc/utmp.

Sachin
Is photography a hobby or another way to spend $
Reply
Darrell Allen
Honored Contributor

‎09-24-2001 01:52 PM

‎09-24-2001 01:52 PM

Re: lost user

Hi Jeff,

I presume when you say "grep login" you are actually grepping for the loginid (name).

Could this loginid have the same uid as another loginid that comes before it in the passwd file? "ps", "whoami", and "id" are going to show the first loginid found in /etc/passwd that matches the numeric uid. $LOGNAME and "who am i" will show the actual loginid used.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.