wrong output of "who" and "finger"

Dear GNU team,

I have a problem with output from "who" command. As you can see below

busdm:~ # who -u
root     pts/0        Nov  2 15:56   .         21861 (192.168.0.20)
root     pts/6        Jun 18 13:04   ?         15579 (10.11.20.1)

busdm:~ # uptime
  4:06pm  up 3 days  2:19,  2 users,  load average: 0.42, 0.30, 0.16
busdm:~ # date
Mon Nov  2 16:07:04 CET 2009


"who" shows me users logged in from Jun18, even so the host has been rebooted 3 days ago and today's date of the host is 2nd Nov. Also there is no PID 15579. Can you please explain this weird behaviour?



Best regards,
Viktor Burba

Burba, Viktor wrote:
This is from my expanding TODO list...

`who` should not report older entries with dupe ttys or invalid pids

That's from ages ago so I'm not sure if it's
even possible to filter invalid entries like this.

cheers,
Pádraig.

Burba, Viktor wrote:
The who command reads the system's utmp file.  This traditionally
existed at /etc/utmp but on modern systems has been moved to
/var/run/tmp.  You can find the actual file on your system by running
who under strace or other system call tracing tool.  Such as:

  $ strace -e file -o /tmp/who.strace who
  $ grep utmp /tmp/who.strace

When users log in, log out, create terminal windows in a graphical
terminal environment (e.g. start an xterm under X windows) the system
records this in the utmp file.  This is a log by "dead-reckoning" and
may become out of sync with reality if the system doesn't track it
correctly.  If a login entry is recorded but no corresponding logout
entry then who will report an entry which isn't really active.  The
who command reports data from that file.  If the data recorded doesn't
make sense then the result from who won't make sense.  GIGO.

It is usually the job of system start up scripts (aka rc scripts) to
set up the utmp file properly at system boot time.  Since the system
may have crashed previously the utmp file may contain stale
information.  At boot time a system script truncates the file to zero,
sets the proper ownership and permissions and prepares it for use.  On
my Debian system this is done in the /etc/init.d/bootmisc.sh script.

It appears that your system isn't properly clearing that file at boot
time.  You didn't say what system you were using.  But regardless the
problem appears to me with your report to be in a problem with the
boot time preparation of the utmp file.

Bob

Thank you very much, by the way I forgot to mention I have SuSE SLES10 x86_64. But it does not matter, thanks a lot, now I have idea where to look for

Viktor Burba

-----Ursprüngliche Nachricht-----
Von: Bob Proulx [mailto:bob@...]
Gesendet: Montag, 2. November 2009 22:53
An: Burba, Viktor
Cc: bug-coreutils@...
Betreff: Re: wrong output of "who" and "finger"

Burba, Viktor wrote:
The who command reads the system's utmp file.  This traditionally
existed at /etc/utmp but on modern systems has been moved to
/var/run/tmp.  You can find the actual file on your system by running
who under strace or other system call tracing tool.  Such as:

  $ strace -e file -o /tmp/who.strace who
  $ grep utmp /tmp/who.strace

When users log in, log out, create terminal windows in a graphical
terminal environment (e.g. start an xterm under X windows) the system
records this in the utmp file.  This is a log by "dead-reckoning" and
may become out of sync with reality if the system doesn't track it
correctly.  If a login entry is recorded but no corresponding logout
entry then who will report an entry which isn't really active.  The
who command reports data from that file.  If the data recorded doesn't
make sense then the result from who won't make sense.  GIGO.

It is usually the job of system start up scripts (aka rc scripts) to
set up the utmp file properly at system boot time.  Since the system
may have crashed previously the utmp file may contain stale
information.  At boot time a system script truncates the file to zero,
sets the proper ownership and permissions and prepares it for use.  On
my Debian system this is done in the /etc/init.d/bootmisc.sh script.

It appears that your system isn't properly clearing that file at boot
time.  You didn't say what system you were using.  But regardless the
problem appears to me with your report to be in a problem with the
boot time preparation of the utmp file.

Bob