UNIX for Dummies Questions & Answers

Hi all,

this is what I get from the output from the "who" command

# who -a |grep admin|sort
admin network Feb 4 17:56 . 6272 id=16:0 term=0 exit=0
admin network Feb 5 14:44 . 11403 id=71:0 term=0 exit=0
admin network Feb 7 17:36 . 28086 id=75:0 term=0 exit=0
admin network Feb 7 20:23 . 28745 id=11:0 term=0 exit=3
admin network Feb 8 14:18 . 3666 id=66:0 term=0 exit=0
admin network Feb 8 16:57 . 1437 id=67:0 term=0 exit=0
admin network Feb 8 18:00 . 5278 id=109: term=0 exit=0
admin network Feb 9 16:22 . 8325 id=03:0 term=0 exit=3
admin network Feb 11 12:33 . 17406 id=17:0 term=0 exit=0
admin network Feb 11 15:39 . 18951 id=07:0 term=0 exit=0
admin network Feb 11 17:09 . 18064 id=70:0 term=0 exit=0
admin network Feb 11 20:08 . 23179 id=14:0 term=0 exit=3
admin network Feb 12 08:17 . 25433 10.156.81.68:0
admin network Feb 12 08:46 . 25696 10.156.81.69:0
admin network Feb 12 09:06 . 25842 10.156.81.123:0
admin network Feb 12 09:09 . 26042 10.156.81.82:0
admin network Feb 12 09:12 . 25144 id=57:5 term=0 exit=0
admin network Feb 12 09:33 . 26224 id=84:0 term=0 exit=0
admin network Feb 12 09:59 . 26586 192.122.86.100:0
admin network Jan 30 12:57 . 1384 id=15:0 term=0 exit=0
admin network Jan 30 18:25 . 3227 id=19:0 term=0 exit=3
admin network Jan 31 18:26 . 13075 id=02:0 term=0 exit=0
admin ttyp1 Feb 12 09:44 0:22 26477 id= p1 term=0 exit=0
admin ttyp2 Feb 12 08:13 1:53 25392 id= p2 term=0 exit=0
admin ttyp3 Feb 12 09:02 1:04 25660 id= p3 term=0 exit=0
admin ttyp4 Feb 11 17:52 old 21988 id= p4 term=0 exit=0
admin ttyp5 Feb 12 10:05 . 26867 10.156.81.68:0.0
admin ttyp6 Feb 12 10:03 0:03 26021 id= p6 term=0 exit=0
admin ttyp7 Feb 11 18:22 15:44 22282 id= p7 term=0 exit=0
admin ttyp8 Feb 11 18:22 15:44 22286 id= p8 term=0 exit=0
admin ttyp9 Feb 11 19:02 15:04 22792 id= p9 term=0 exit=0
admin ttypa Feb 11 14:23 19:42 18927 id= pa term=0 exit=0
admin ttypb Feb 11 11:38 22:28 17130 id= pb term=0 exit=0
admin ttypc Feb 8 17:03 old 5416 id= pc term=0 exit=0
admin ttypd Feb 11 14:06 20:00 19538 id= pd term=0 exit=0
admin ttype Feb 11 17:09 20:55 18164 id= pe term=0 exit=0
admin ttypf Feb 11 17:09 16:56 18173 id= pf term=0 exit=0
admin ttyq0 Feb 11 14:35 old 19448 id= q0 term=0 exit=0

I want to kill all the users that have "network" next to them. When I do a ps -ef|grep network I get nothing. Any ideas at all please?

Cheers

When you do a "who -a", you get every entry in utmp. Entries like:
admin network Feb 7 20:23 . 28745 id=11:0 term=0 exit=3
admin network Feb 8 14:18 . 3666 id=66:0 term=0 exit=0
exist only to record the exit code of the terminated process.

Stopping unix from recording this information would require a modification to init at least and maybe login depending on how information you want to suppress.

I see, thanks for that.

Below basic help for the command "who" can be seen. If I do a "who -d" to see all the dead processes, this is what I get :

# who -d|sort
LOGIN network Feb 4 21:07
LOGIN network Feb 10 09:21
LOGIN network Feb 11 13:33
LOGIN pts/1 Feb 8 12:25
admin network Feb 4 17:56
admin network Feb 5 14:44
admin network Feb 7 17:36
admin network Feb 7 20:23
admin network Feb 8 14:18
admin network Feb 8 16:57
admin network Feb 8 18:00
admin network Feb 9 16:22
admin network Feb 11 12:33
admin network Feb 11 15:39
admin network Feb 11 17:09
admin network Feb 11 20:08
admin network Feb 12 09:12
admin network Feb 12 09:33
admin network Feb 12 11:53
admin network Feb 12 12:03
admin network Jan 30 12:57
admin network Jan 30 18:25
admin network Jan 31 18:26
admin ttyp1 Feb 12 09:44
admin ttyp2 Feb 12 08:13
admin ttyp6 Feb 12 10:03
admin ttyp7 Feb 11 18:22
admin ttypf Feb 11 17:09
admin ttyq0 Feb 11 14:35
bcheckrc . Jan 30 11:49
cat . Jan 30 11:49
rc . Jan 30 11:50
sh . Feb 12 08:58
sh . Feb 12 08:58
sh . Feb 12 08:58
sh . Jan 30 11:49


What I want to do is get rid of all the sessions before today(12/02/02), how can I do that ?

Cheers !


Usage: who [-rbtpludAasHTqRm] [am i] [utmp_like_file]

r run level
b boot time
t time changes
p processes other than getty or users
l login processes
u useful information
d dead processes
A accounting information
a all (rbtpludA options)
s short form of who (no time since last output or pid)
H print header
T status of tty (+ writable, - not writable, x exclusive open, ? hung)
q quick who
R print host name

Can anyone help please??

Thanks

There is nothing to get rid of. It is a history of what has happened on the system. It is not processes on the system.

I cannot think of any valid reason you would want to remove those entries unless....

Ok, let me rephrase then :

If I do a 'w' I get the below. ALL these are current connections, right?

# w
6:28pm up 13 days, 6:39, 6 users, load average: 2.48, 2.63, 2.65
User tty login@ idle JCPU PCPU what
admin network 6:05pm 3 -
admin network 10:09am 3 -
admin ttyp3 6:25pm 1 /usr/bin/noc/gnurdirect 10.156.64.65 20007 LOGIN_AUTO LOGIN_
admin ttyp4 6:25pm /usr/bin/noc/gnurdirect 10.156.64.65 10022 LOGIN_AUTO LOGIN_
root pts/0 6:28pm w
admin network 4:50pm 3 -

How can I kill the admin ones with the dash(-). I try to grep network but nothing shows up. If I grep ttyp3 for example I get the session and I can kill it. I want to kill the ones that have a - (dash) next to them but the proccess ID does not show up.

Sorry if I confuse you, let me know so I can provide more information if you need. Any help will be much appreciated.

Try variations on

ps -ef |grep admin |grep -v tty
to get processes not associated with a terminal and owned by admin.