01-28-2015
who reads the /var/log/utmp (and others) file for login information.
So, I cannot assume anything but that those are valid login records.
The only way to test that is to manually kill off the fake* family of process, run who to be sure you got them all, log on ONCE using faketester, verify with who. If this pans out, then you need to consider who output authoritative. It always is unless some process tinks with files in /var/log.
Go from that point with your experimenting.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello,
I've been tasked with migrating users from one linux server to another new linux server. This is how I was thinking of doing it:
1.) Open up an NFS connection between the two servers, cp -Rp /home/ to the new server and then append the old /etc/group & /etc/passwd to the existing... (2 Replies)
Discussion started by: vancouver_joe
2 Replies
2. IP Networking
I have an RS6000 server running AIX and on occasion all users are logged out of the server "connection closed by foreign host" is the error message. Normally a user can press enter and get a Login prompt, but they get the message "connection refused" and then the users can wait a minute or so and... (2 Replies)
Discussion started by: Docboyeee
2 Replies
3. IP Networking
We have two NIC cards in our IBM RS/6000 F50 running AIX 4.3.3
We are trying to make sure we have moved all users to log in through the new NIC.
10.22.x.y (old)
10.22.x.z (new)
How can I tell which users are still using the old address for logging in so I can update their work station to... (5 Replies)
Discussion started by: cburtgo
5 Replies
4. Shell Programming and Scripting
in unix what is the syntax to find out how many users are currently logged in (4 Replies)
Discussion started by: trichyselva
4 Replies
5. Post Here to Contact Site Administrators and Moderators
how to find out users who logged out within 5 minutes (1 Reply)
Discussion started by: roshni
1 Replies
6. Shell Programming and Scripting
I have searched the forums but have not mangaed to quite find what im looking for. I have used to /etc/passwd command to present me a list of all users the who command to present all users currently logged on, but what i want to know is what command can i use to display users that are registered... (12 Replies)
Discussion started by: warlock129
12 Replies
7. UNIX for Dummies Questions & Answers
How do I find this out? I have a feeling its a simple command such as who, but I just don't know what it is. I've had a search on here but either I can't put it into the right search criteria or there isn't a topic on it.
Thanks.
EDIT: Delete this thread, as I posted it I noticed the... (0 Replies)
Discussion started by: chris_rabz
0 Replies
8. Red Hat
I have 2 systems. (1) RHEL5 and (2) winXP pro
from xpPRO putty i ssh into rhel5 : user root
from xpPRO i ftp into rhel5 : user abc123
when i run #uptime it only shows 1 user
when i do #ps -u abc123 : it shows vsftpd deamon PID
is there a command that can be used to show all currently... (4 Replies)
Discussion started by: dplinux
4 Replies
9. Shell Programming and Scripting
how to find out total number of users logged in a server from uptime . i mean to say i need the total output of unix command . who gives the out put at a particular time . I need at all time from which machine who has connected , (3 Replies)
Discussion started by: amiya.te@gmail
3 Replies
10. Red Hat
Scenario:
1. Log into a linux server interface as root.
2. Inititiate an SSH session with the server using Putty and a valid user account (e.g. fakeuser).
3. Log into TTY2 of the linux server interface using another valid user account (e.g. faketester).
Issue:
With these three login... (1 Reply)
Discussion started by: walterthered
1 Replies
UTMP(5) BSD File Formats Manual UTMP(5)
NAME
utmp, wtmp, lastlog -- login records
SYNOPSIS
#include <utmp.h>
DESCRIPTION
The file <utmp.h> declares the structures used to record information about current users in the file utmp, logins and logouts in the file
wtmp, and last logins in the file lastlog. The time stamps of date changes, shutdowns and reboots are also logged in the wtmp file.
The wtmp file can grow rapidly on busy systems, and is normally rotated with newsyslog(8).
These files must be created manually; if they do not exist, they are not created automatically.
#define _PATH_UTMP "/var/run/utmp"
#define _PATH_WTMP "/var/log/wtmp"
#define _PATH_LASTLOG "/var/log/lastlog"
#define UT_NAMESIZE 8
#define UT_LINESIZE 8
#define UT_HOSTSIZE 16
struct lastlog {
time_t ll_time;
char ll_line[UT_LINESIZE];
char ll_host[UT_HOSTSIZE];
};
struct utmp {
char ut_line[UT_LINESIZE];
char ut_name[UT_NAMESIZE];
char ut_host[UT_HOSTSIZE];
time_t ut_time;
};
Each time a user logs in, the login(1) program looks up the user's UID in the file lastlog. If it is found, the timestamp of the last time
the user logged in, the terminal line and the hostname are written to the standard output, providing the login is not set quiet; see
login(1). The login(1) program then records the new login time in the file lastlog.
After the new lastlog record is written, the file utmp is opened and the utmp record for the user inserted. This record remains there until
the user logs out at which time it is deleted (by clearing the user and host fields, and updating the timestamp field). The utmp file is
used by the programs rwho(1), users(1), w(1), and who(1).
Next, the login(1) program opens the file wtmp, and appends the user's utmp record. When the user logs out, a utmp record with the tty line,
an updated time stamp, and cleared user and host fields is appended to the file by init(8). The wtmp file is used by the programs last(1)
and ac(8).
In the event of a date change, a shutdown or reboot, the following items are logged in the wtmp file.
reboot
shutdown A system reboot or shutdown has been initiated. The character '~' is placed in the field ut_line, and reboot or shutdown in the
field ut_name (see shutdown(8) and reboot(8)).
date The system time has been manually or automatically updated by date(1). The command name date is recorded in the field ut_name.
In the field ut_line, the character '|' indicates the time prior to the change, and the character '{' indicates the new time.
FILES
/var/run/utmp The utmp file.
/var/log/wtmp The wtmp file.
/var/log/lastlog The lastlog file.
SEE ALSO
last(1), login(1), w(1), who(1), utmpx(5), ac(8), init(8), lastlogin(8), newsyslog(8)
HISTORY
A utmp and wtmp file format appeared in Version 6 AT&T UNIX. The lastlog file format appeared in 3.0BSD.
BSD
May 14, 2003 BSD