HPE Community
Operating System - HP-UX
1834659 Members
2301 Online
110069 Solutions
New Discussion

"dead" sessions in who's output

 
SOLVED
Go to solution
Fedon Kadifeli
Super Advisor

‎09-27-2000 11:35 PM

‎09-27-2000 11:35 PM

"dead" sessions in who's output

Our users use Reflection/X to connect to our HP-UX servers. I presume that from time to time, their PC's crash or are turned off without exiting normally from Reflection. In such cases their sessions become hung. I think that HP-UX has no default time-out mechanism to kill such interactive sessions. Most of the times I have to kill (with -9) the processes listed in "who -u" output. Even in this case (that is, when the processes are killed) the "who -u" output still displays these sessions.

For example, presently I know that there is no "itadmin" user in the system (I checked this with the "ps -fu itadmin" command, which displays nothing), but the "who -u" command displays something like:

# who -u | grep itadmin
itadmin pts/1 Sep 26 22:21 old 22904 10.16.67.183:0.0
itadmin pts/8 Sep 26 14:21 14:22 19565 haktur:0.0
itadmin pts/13 Sep 28 09:22 1:07 13301 seyalt
itadmin pts/14 Sep 28 09:22 1:07 13304 seyalt
itadmin pts/15 Sep 28 09:22 1:07 13303 seyalt
itadmin pts/29 Sep 25 15:24 old 18229 10.16.67.183:0.0
itadmin pts/30 Sep 25 15:24 old 18231 10.16.67.183:0.0
itadmin pts/32 Sep 25 15:24 1:10 18232 10.16.67.183:0.0
itadmin pts/35 Sep 25 15:24 old 18234 10.16.67.183:0.0

I know that this has to do with the wtmp file which is not updated correctly by the system. What can be the solution to this problem?
0 Kudos
Reply
2 REPLIES 2
Andreas Voss
Honored Contributor

‎09-27-2000 11:57 PM

‎09-27-2000 11:57 PM

Solution

Re: "dead" sessions in who's output

Hi,

i had the same problem.
So i wrote a little c program (i called it utmpfix) that fixes the /etc/utmp file.
Put you at attachment.

Regards
Reply
Marcel Eken_2
Frequent Advisor

‎09-28-2000 12:04 AM

‎09-28-2000 12:04 AM

Re: "dead" sessions in who's output

Hi Fedon,


who gets its information from the /etc/utmp file. The file is
usually cleaned when a user logs out but in this case it became corrupt.

Follow these steps to remove the non existent sessions from the file :


1.check the last modification time of the /etc/utmp file

ls -l /etc/utmp

-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp

2.convert the binary /etc/utmp file to ascii :

/usr/sbin/acct/fwtmp /tmp/utmp.ascii

3.edit the /tmp/utmp.ascii file to remove the old entries

Note : the entries are sorted by date, simply use the login time reported by
who(1) to find the lines to remove.

4.convert the file back to binary format :

/usr/sbin/acct/fwtmp -ic /tmp/utmp.binary

5.verify that all unwanted entries have been removed from the new file :

who /tmp/utmp.binary

6.verify that the /etc/utmp file has not been modified since the
beginning of this procedure :

ls -l /etc/utmp

-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp

If the file has been updated do all the steps again.

7.replace the existing /etc/utmp file with the new one :

mv /tmp/utmp.binary /etc/utmp

8.verify that the file still has the same ownership and permissions :

ls -l /etc/utmp

-rw-r--r-- 1 root root 1600 Jun 28 09:30 /etc/utmp


The who(1) command will now report the correct information.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.