- who -q and who -u reports logins that have no proc...
05-21-2004 12:57 AM
Server is a trusted server that contains a copy of /etc/passwd, /etc/group and /tcb files from the primary server.
Any idea why it reports logins that do not currently have any processes? I want to terminate these active logins.
Jack...
05-21-2004 01:00 AM
Re: who -q and who -u reports logins that have no processes
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=499832
05-21-2004 01:08 AM
Solution
Sometimes the only thing to do is to clear them out.
"> /var/adm/wtmp" usually does the trick.
05-21-2004 01:22 AM
Re: who -q and who -u reports logins that have no processes
Are there any guidelines for determining which entries should be saved when fwtmp is run to create a temporary file?
jack
05-21-2004 01:29 AM
Re: who -q and who -u reports logins that have no processes
They are not active logins if the wtmp files are corrupt.
Have you checked to see if they are real logins?
ps -ef | grep username
If nothing is returned then there is no login present.
If there is a user logged in which you think should not be, then you may wish to check any associated processes against the login parent process ID:
fuser -c PID
John.
05-21-2004 01:32 AM
Re: who -q and who -u reports logins that have no processes
One thing you could do is use fwtmp to output the formatted ASCII records and do a compare against the users that occur in a "ps" listing. Delete the records that have no processes and then build a new binary one. I'm sure a nice Perl script is called for here.
05-21-2004 01:35 AM
Re: who -q and who -u reports logins that have no processes
I now only have three active root logins in the file that have login timestamps. I left the other entries alone.
jack
05-21-2004 02:12 AM
Re: who -q and who -u reports logins that have no processes
who -q [ Record logins ]
For each login from who -q output, determine if the login has any active processes. E.g. ps -ef | grep loginname
/usr/sbin/acct/fwtmp < /etc/utmp > /tmp/utmp.txt
vi /tmp/utmp.txt
g/ 2003$/d
g/ 2004$/d
The remaining entries in the file will contain what 'who -q' thinks are the active logins.
For each login from the who -q/ps -ef task from above that 'does not' have any active processes, delete them.
/usr/sbin/acct/fwtmp -ic < /tmp/utmp.txt > /tmp/utmp
mv /etc/utmp /etc/utmp-yyyymmdd
cp -p /tmp/utmp /etc/utmp
chown root:root /etc/utmp
chmod 622 /etc/utmp
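
The compare step suggested in the replies above (fwtmp ASCII records checked against a "ps" listing), sketched as an added example that is not part of any poster's reply. It goes beyond the name-based grep by matching the user:PID pair, so a reused PID owned by another user does not keep a dead login alive. The names classify_utmp, sample_utmp, sample_ps and FMT are hypothetical, and the fixed-width record layout is an assumption to verify against real fwtmp output on the system.

```sh
#!/bin/sh
# Added example (not from the thread): find utmp login records with no live process.
# ASSUMPTION: fwtmp ASCII records are fixed width, as in FMT below:
#   user = cols 1-8, pid = cols 28-32, type = cols 34-35 (7 = USER_PROCESS).
# ASSUMPTION: process list is `ps -ef` style: header line, UID field 1, PID field 2.
FMT='%-8.8s %-4.4s %-12.12s %5d %2d %04o %04o %10d %s\n'

# classify_utmp MODE UTMP_TXT PS_TXT
#   MODE=stale : print USER_PROCESS records whose user:pid pair is not running
#   MODE=keep  : print every other record (the input for `fwtmp -ic`)
classify_utmp() {
    awk -v mode="$1" '
        NR == FNR { if (FNR > 1) live[$1 ":" $2] = 1; next }   # ps listing
        {
            # Fixed columns, because user or id may be blank in some records.
            user = substr($0, 1, 8); gsub(/ /, "", user)
            pid  = substr($0, 28, 5) + 0
            type = substr($0, 34, 2) + 0
            key  = user ":" pid
            stale = (type == 7 && !(key in live)) ? 1 : 0
            if ((mode == "stale") == stale) print
        }
    ' "$3" "$2"
}

# Constructed sample data (not taken from any real system).
sample_utmp() {
    printf "$FMT" ''   ''   'system boot' 0    2 0 0 1085000000 'May 19 20:53:20 2004'
    printf "$FMT" root cons console       612  7 0 0 1085100000 'May 21 00:40:00 2004'
    printf "$FMT" jack p0   pts/0         4100 7 0 0 1085100600 'May 21 00:50:00 2004'
    printf "$FMT" oper p1   pts/1         5200 7 0 0 1085101200 'May 21 01:00:00 2004'
    printf "$FMT" ''   p2   pts/2         3000 8 0 0 1085101800 'May 21 01:10:00 2004'
}
sample_ps() {
    cat <<'EOF'
     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root     1     0  0  May 20  ?         0:01 init
    root   612     1  0  May 20  console   0:00 -sh
    root  5200     1  0  May 21  ?         0:00 /usr/sbin/cron
EOF
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
sample_utmp > "$tmp/utmp.txt"; sample_ps > "$tmp/ps.txt"
echo "stale:"; classify_utmp stale "$tmp/utmp.txt" "$tmp/ps.txt"
echo "keep:";  classify_utmp keep  "$tmp/utmp.txt" "$tmp/ps.txt"
```

Review the "stale" output by hand before rebuilding anything; only the "keep" output is meant to be fed to fwtmp -ic, and the original utmp stays saved under its dated name as in the procedure above.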