home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.sys.sun.admin:4914 comp.security.misc:799
- Path: sparky!uunet!olivea!decwrl!access.usask.ca!news
- From: skeeter@skatter.usask.ca
- Newsgroups: comp.sys.sun.admin,comp.security.misc
- Subject: Re: 0 users?
- Message-ID: <1992Jul23.194048.24358@access.usask.ca>
- Date: 23 Jul 92 19:40:48 GMT
- References: <1992Jul20.224045.21724@Princeton.EDU>
- Sender: news@access.usask.ca (USENET News System)
- Organization: University of Saskatchewan
- Lines: 53
- Nntp-Posting-Host: cygnus.usask.ca
-
- From article <1992Jul20.224045.21724@Princeton.EDU>, by mikulska@crux.Princeton.EDU (Margaret Mikulska):
- > The following happened on one of our systems; I'm a bit concerned about
- > it, since the only other time I saw this behavior, it turned out to be
- > a security problem (to put it mildly).
- >
- > A user logs in to his workstation:
- >
- > -------------------------------------------------------------------------
- >
- > Last login: <some_date> from <...>
- > SunOS Release 4.1.1-IPX (HOSTNAME) #6: Wed Feb 26 23:30:32 EST 1992
- > You have mail.
- > 10:29pm up 3 days, 10:13, 0 user, load average: 0.09, 0.02, 0.01
- > hostname% users
- > hostname% finger
- > No one logged on
- > hostname% who
- > joe ttyp0 Jul 17 22:29
- > hostname% finger
- > No one logged on
- > hostname% finger joe
- > Login name: joe In real life: Joe R.User
- > Directory: /u/joe Shell: /bin/csh
- > On since <date> on ttyp0 13 seconds Idle Time
- > Mail last read <some_date>
- > No Plan.
- > hostname%
- >
- > --------------------------------------------------------------------------
- >
- > Why would finger and uptime show '0 user' while 'joe' is on the system?
- > I presume that /etc/utmp was truncated - could there be any harmless
- > reason for that? Any other harmless reason for having '0 user'?
- >
- > Any advice appreciated.
- >
- > Margaret Mikulska
- > mikulska@phoenix.princeton.edu
-
- When a person logs in (normally or with rlogin) an entry in made in
- /etc/utmp which is checked by finger and uptime. When someone
- does an 'rsh' instead, it will show up only with 'w' or 'who'.
- I routinely do this:
- "rsh skatter -n bin/Xremote $HOST cmdtool -Wt 6x13 -Wl skatter \&"
- where a script (Xremote) is run on skatter which
- 1. sets the DISPLAY (using $HOST (which is the machine I'm really
- on)) and other environment variables.
- 2. starts a cmdtool on skatter (which is better because it's a sun4 and I'm using a sun3).
- Using this method I show up with a 'w' or a 'who' but not finger.
-
- Skeeter Abell-Smith skeeter@skatter.usask.ca
- System Administrator (no nifty .sig *sniff*)
- Saskatchewan Accelerator Laboratory
-