hi, i noticed that there are still past logins which have not been terminated. how should i removed them?
i am on aix.

Depends on the operating system.

On some OSs you could go and removed the offending entries from the /etc/passwd and/or /etc/shadow and /etc/groups.

Under FreeBSD, you can use vipw to remove entries (FreeBSD also uses a /etc/master.passwd instead of /etc/shadow).

Have you verified that none of these accounts are used for cron-jobs or suid's?

Auswipe, I believe they are talking about ids that show up when you do a who -a that are "old".

I see this on my systems as well. With who -q, I have 6 users logged in, but my who -a shows many other ids that are latent. Folks who are not logged in, but have been in the past.

Here are a few examples of what I think he is talking about.

user 1 pts/13 Oct 28 15:14 old 24395 id= 13 term=0 exit=0
user2 ttyp3 Nov 11 16:44 old 5342 id= p3 term=0 exit=0


Is that what you are talking about yls177???

do a who -u and u get a list of users.. the dates are displayed as well. now, how to explain those entries whose dates are far way back?

thanks

In the old days, we had directly attached dumb terminals that we used. A program called getty would initialize the port, print a login prompt and read a login name. If that read ever succeded, it would exec login which would get your password and then then exec your shell. When your shell exited, init would notice and respawn a new getty.

The getty program would clear out a utmp entry. The login program would put the user's info in the utmp entry.

So you never had these leftovers. If the system rebooted or if if your shell died, a new getty would come along and clear out the utmp entry.

Then came networks. Now we have telnetd (or something similiar) that creates the utmp entry and then forks and exec's login. The telnetd, besides handling the communication, is waiting for the shell to exit. When it does, telnetd will clear out that utmp entry.

But if the telnetd is killed with -9 or if the system reboots unexpectedly with users still logged in, the entry in utmp persists. Eventually, the pty will be re-used and entry re-used as well. But in the meantime the old entries continue to show up in "who".

You could clear the file out at reboot time if it really bothers you. I see it as a resource. Each such entry is evidence of something that went wrong.

are there any alternatives besides rebooting?

wow, i am impressed by your knowledge of unix... especially.. " in the old days"

am sure that will have a great time learning from you and many of the others..

cheers

The only alternative that would be safe would be to write a utility to clean them out.

I *think* that it might be possible to use fwtmp to fix this, but it wasn't intended for that and you would somehow need to prohibit logons and logoffs during the process.