Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logged in users on a Linux server are counted twice
Operating Systems Linux Logged in users on a Linux server are counted twice Post 302933187 by jim mcnamara on Wednesday 28th of January 2015 11:50:05 AM
Old 01-28-2015
who reads the /var/log/utmp (and others) file for login information.
So, I cannot assume anything but that those are valid login records.

The only way to test that is to manually kill off the fake* family of process, run who to be sure you got them all, log on ONCE using faketester, verify with who. If this pans out, then you need to consider who output authoritative. It always is unless some process tinks with files in /var/log.

Go from that point with your experimenting.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Migrating all users from one linux server to another...

Hello, I've been tasked with migrating users from one linux server to another new linux server. This is how I was thinking of doing it: 1.) Open up an NFS connection between the two servers, cp -Rp /home/ to the new server and then append the old /etc/group & /etc/passwd to the existing... (2 Replies)
Discussion started by: vancouver_joe
2 Replies

2. IP Networking

All tcp/ip users are logged out

I have an RS6000 server running AIX and on occasion all users are logged out of the server "connection closed by foreign host" is the error message. Normally a user can press enter and get a Login prompt, but they get the message "connection refused" and then the users can wait a minute or so and... (2 Replies)
Discussion started by: Docboyeee
2 Replies

3. IP Networking

Users logged in through which NIC

We have two NIC cards in our IBM RS/6000 F50 running AIX 4.3.3 We are trying to make sure we have moved all users to log in through the new NIC. 10.22.x.y (old) 10.22.x.z (new) How can I tell which users are still using the old address for logging in so I can update their work station to... (5 Replies)
Discussion started by: cburtgo
5 Replies

4. Shell Programming and Scripting

how many users logged

in unix what is the syntax to find out how many users are currently logged in (4 Replies)
Discussion started by: trichyselva
4 Replies

5. Post Here to Contact Site Administrators and Moderators

logged out users

how to find out users who logged out within 5 minutes (1 Reply)
Discussion started by: roshni
1 Replies

6. Shell Programming and Scripting

Users Not Logged in

I have searched the forums but have not mangaed to quite find what im looking for. I have used to /etc/passwd command to present me a list of all users the who command to present all users currently logged on, but what i want to know is what command can i use to display users that are registered... (12 Replies)
Discussion started by: warlock129
12 Replies

7. UNIX for Dummies Questions & Answers

How many users are logged in?

How do I find this out? I have a feeling its a simple command such as who, but I just don't know what it is. I've had a search on here but either I can't put it into the right search criteria or there isn't a topic on it. Thanks. EDIT: Delete this thread, as I posted it I noticed the... (0 Replies)
Discussion started by: chris_rabz
0 Replies

8. Red Hat

Current logged in users

I have 2 systems. (1) RHEL5 and (2) winXP pro from xpPRO putty i ssh into rhel5 : user root from xpPRO i ftp into rhel5 : user abc123 when i run #uptime it only shows 1 user when i do #ps -u abc123 : it shows vsftpd deamon PID is there a command that can be used to show all currently... (4 Replies)
Discussion started by: dplinux
4 Replies

9. Shell Programming and Scripting

Total number of users logged in a server from uptime

how to find out total number of users logged in a server from uptime . i mean to say i need the total output of unix command . who gives the out put at a particular time . I need at all time from which machine who has connected , (3 Replies)
Discussion started by: amiya.te@gmail
3 Replies

10. Red Hat

Logged in users on a Linux server are counted twice

Scenario: 1. Log into a linux server interface as root. 2. Inititiate an SSH session with the server using Putty and a valid user account (e.g. fakeuser). 3. Log into TTY2 of the linux server interface using another valid user account (e.g. faketester). Issue: With these three login... (1 Reply)
Discussion started by: walterthered
1 Replies

LEARN ABOUT NETBSD

utmp

UTMP(5) 						      BSD File Formats Manual							   UTMP(5)

NAME

     utmp, wtmp, lastlog -- login records

SYNOPSIS

     #include <utmp.h>

DESCRIPTION

     The file <utmp.h> declares the structures used to record information about current users in the file utmp, logins and logouts in the file
     wtmp, and last logins in the file lastlog.  The time stamps of date changes, shutdowns and reboots are also logged in the wtmp file.

     The wtmp file can grow rapidly on busy systems, and is normally rotated with newsyslog(8).

     These files must be created manually; if they do not exist, they are not created automatically.

	   #define _PATH_UTMP	   "/var/run/utmp"
	   #define _PATH_WTMP	   "/var/log/wtmp"
	   #define _PATH_LASTLOG   "/var/log/lastlog"

	   #define UT_NAMESIZE	   8
	   #define UT_LINESIZE	   8
	   #define UT_HOSTSIZE	   16

	   struct lastlog {
		   time_t  ll_time;
		   char    ll_line[UT_LINESIZE];
		   char    ll_host[UT_HOSTSIZE];
	   };

	   struct utmp {
		   char    ut_line[UT_LINESIZE];
		   char    ut_name[UT_NAMESIZE];
		   char    ut_host[UT_HOSTSIZE];
		   time_t  ut_time;
	   };

     Each time a user logs in, the login(1) program looks up the user's UID in the file lastlog.  If it is found, the timestamp of the last time
     the user logged in, the terminal line and the hostname are written to the standard output, providing the login is not set quiet; see
     login(1).	The login(1) program then records the new login time in the file lastlog.

     After the new lastlog record is written, the file utmp is opened and the utmp record for the user inserted.  This record remains there until
     the user logs out at which time it is deleted (by clearing the user and host fields, and updating the timestamp field).  The utmp file is
     used by the programs rwho(1), users(1), w(1), and who(1).

     Next, the login(1) program opens the file wtmp, and appends the user's utmp record.  When the user logs out, a utmp record with the tty line,
     an updated time stamp, and cleared user and host fields is appended to the file by init(8).  The wtmp file is used by the programs last(1)
     and ac(8).

     In the event of a date change, a shutdown or reboot, the following items are logged in the wtmp file.

     reboot
     shutdown	 A system reboot or shutdown has been initiated.  The character '~' is placed in the field ut_line, and reboot or shutdown in the
		 field ut_name (see shutdown(8) and reboot(8)).

     date	 The system time has been manually or automatically updated by date(1).  The command name date is recorded in the field ut_name.
		 In the field ut_line, the character '|' indicates the time prior to the change, and the character '{' indicates the new time.

FILES

     /var/run/utmp     The utmp file.
     /var/log/wtmp     The wtmp file.
     /var/log/lastlog  The lastlog file.

SEE ALSO

     last(1), login(1), w(1), who(1), utmpx(5), ac(8), init(8), lastlogin(8), newsyslog(8)

HISTORY

     A utmp and wtmp file format appeared in Version 6 AT&T UNIX.  The lastlog file format appeared in 3.0BSD.

BSD
								   May 14, 2003 							       BSD
All times are GMT -4. The time now is 02:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy