HPE Community
Operating System - HP-UX
1824971 Members
4572 Online
109678 Solutions
New Discussion юеВ

utmp corruption?

 
Nishan Sandhar
Occasional Advisor

тАО02-27-2002 04:55 PM

тАО02-27-2002 04:55 PM

utmp corruption?

It appears that my /etc/utmp file is corrupted. The who command shows users being logged in, who are actually not logged in.

Also, when trying to change the password command, it fails with:

$ passwd
Usage: passwd [ -F file ] [ name ]
$

In addition, the perl "getlogin" function (which utilizes the getlogin() in C/Unix) also fails.

The commonality is the /etc/utmp file.

Is there a way to reset the file? Could it be something else?
0 Kudos
Reply
5 REPLIES 5
SHABU KHAN
Trusted Contributor

тАО02-27-2002 05:01 PM

тАО02-27-2002 05:01 PM

Re: utmp corruption?

Hi,

I would just zero that file.. that should fix the problem

> /etc/utmp

There are a lot threads out there in this forum which discusses this... try a search on utmp..

-Shabu
0 Kudos
Reply
Michael Tully
Honored Contributor

тАО02-27-2002 05:07 PM

тАО02-27-2002 05:07 PM

Re: utmp corruption?

Hi,

Once the utmp file has become corrupted I don't
believe that there is a way to actually fix it.

# rm /etc/utmp
# touch /etc/utmp

When using the passwd command you must specify
a user account e.g.

# passwd fred (or a force change)
# passwd -f fred

HTH
-Michael
Anyone for a Mutiny ?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО02-27-2002 05:07 PM

тАО02-27-2002 05:07 PM

Re: utmp corruption?

Hi:

You will need to drop to single-user mode, null the file and reboot.

# cat /dev/null > /etc/wtmp

If you are running 11.0 make sure you have patch PHNE_24762 installed.

Regards!

...JRF...
0 Kudos
Reply
Animesh Chakraborty
Honored Contributor

тАО02-27-2002 05:10 PM

тАО02-27-2002 05:10 PM

Re: utmp corruption?

Hi

//quote//

The utmp file can be manipulated with the fwtmp command.

1.check the last modification time of the /etc/utmp file
ls -l /etc/utmp
-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp

2.convert the binary /etc/utmp file to ascii :
/usr/sbin/acct/fwtmp /tmp/utmp.ascii

3.edit the /tmp/utmp.ascii file to remove the old entries
Note : the entries are sorted by date, simply use the login time reported
by
who(1) to find the lines to remove.

4.convert the file back to binary format :
/usr/sbin/acct/fwtmp -ic /tmp/utmp.binary

5.verify that all unwanted entries have been removed from the new file :
who /tmp/utmp.binary

6.verify that the /etc/utmp file has not been modified since the beginning of
this procedure :
ls -l /etc/utmp
-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp
If the file has been updated do all the steps again.

7.replace the existing /etc/utmp file with the new one :
mv /tmp/utmp.binary /etc/utmp

8.verify that the file still has the same ownership and permissions :
ls -l /etc/utmp
-rw-r--r-- 1 root root 1600 Jun 28 09:30 /etc/utmp

The who command will now report the correct information.


//quote//
Cheers
Animesh
Did you take a backup?
0 Kudos
Reply
steven Burgess_2
Honored Contributor

тАО02-27-2002 05:11 PM

тАО02-27-2002 05:11 PM

Re: utmp corruption?

There is also a programme called utmp_fix which you can run on an id to remove all utmp entries , i have attached the binary to this reply

take your time and think things through
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.