
BLU Discuss list archive



linux funk



James Dow wrote:
> 
> Hello again,
> 
> I am hoping someone can help me with a couple of problems I am encountering.
> 
> Firstly when I run top I get an error:
> 
> bad data in /var/run/utmp
> 
> and xterm kind of dies i.e. anything typed doesn't show up but gets executed
> 
> I've tried replacing the utmp file by deleting/touching it and this works
> for awhile before dying again.
> 
> The other problem I have is with last. When I do a last I get:
> 
> *****                 ssweeneygrenada. Wed Dec 31 19:00 - 19:00  (00:00)
> *****                 *                Wed Dec 31 19:00 - 19:00  (00:00)
> *****                 *                Wed Dec 31 19:00 - 19:00  (00:00)
> *y                    bryanlt.travelon Wed Dec 31 19:00 - 19:00  (00:00)
> Zp                                     Wed Dec 31 19:00 - 19:00  (00:00)
> ]p       D***                          Wed Dec 31 19:00   still logged in
> *n       bT*7jdow                      Wed Dec 31 19:00   still logged in
> **{7                                   Wed Dec 31 19:00 - 19:00  (00:00)
> **{7D***              *                Wed Dec 31 19:00 - 19:00  (00:00)
> 1                     travelon*****    Wed Dec 31 19:00 - 19:00  (00:00)
> 2                     root             Wed Dec 31 19:00 - 19:00  (00:00)
> 2                                      Wed Dec 31 19:00 - 19:00  (00:00)
> 
> wtmp begins Wed Dec 31 19:00:00 1969
> 
> With these problems I've noticed that nothing is being logged to
> /var/log/secure
> 
> Any insight on this would be greatly appreciated.

I cannot answer in specific terms. The way utmp/wtmp works is that utmp is
created each time you transition to multi-user from single user, where wtmp
is cumulative. 
Init writes initialization records into utmp and wtmp. One main difference
is that access to utmp should use the library functions, getutent, pututline
and relatives. Access to wtmp is direct. There have been some recent changes
to the utmp structure over the past couple of years. One is that the host
name size has changed (UT_HOSTSIZE) from 64 to 256 bytes, and that the
ut_time has been changed to a struct timeval (e.g. ut_tv). If you have
upgraded from an older version of Linux, you may still have some code
corrupting utmp. I mentioned /sbin/init, but others, such as login, rlogin,
xterm, dtterm, and other terms also write to utmp and wtmp. 

In addition, if an xterm crashes, it is not going to put a terminating entry
in, so you will still have the "still logged in" messages. Also, remember
that /var/log/wtmp and /var/log/lastlog are cumulative. Lastlog is indexed
by the user id. 

After all that, it really appears that you do not have a clean system. 
-- 
Jerry Feldman (HP On-Site Consultant) http://gbrweb.msd.ray.com/~gzf/
+-------------------------------------------------------+-----Note: ------+
| Raytheon Electronic Systems  (W) (781)999-1837/1-1837 | My views may not|
| Mail Stop:  S3SG10           (F) (781)999-3572/1-3572 | reflect the     |
| 180 Hartwell Road            (E) gzf at gbr.msd.ray.com  | views of my     |
| Bedford, MA 01730-2498       (H) gaf at mediaone.net     | employer.       |
+-------------------------------------------------------+-----------------+
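
The record-size mismatch described in the reply can be checked for directly. The following is an added example, not part of the original post: it walks a utmp/wtmp image in fixed-size records and flags the symptoms seen in the quoted `last` output. It assumes the glibc/Linux layout documented in utmp(5) (384-byte records, little-endian); `check_records`, `make`, `SHORT` and `SAMPLE` are hypothetical names, and the sample data is constructed.

```python
import struct

# Assumption: glibc/Linux struct utmp as laid out in utmp(5), little-endian, 384 bytes.
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
VALID_TYPES = range(0, 10)  # EMPTY (0) through ACCOUNTING (9)

def _text(raw):
    """NUL-terminated field as text, or None if it holds non-printable bytes."""
    s = raw.split(b"\0", 1)[0]
    return s.decode("ascii") if all(32 <= b < 127 for b in s) else None

def check_records(data):
    """Yield (record index, list of problems) for a utmp/wtmp image."""
    whole, tail = divmod(len(data), REC.size)
    for i in range(whole):
        f = REC.unpack_from(data, i * REC.size)
        ut_type, line, user, host, tv_sec = f[0], f[2], f[4], f[5], f[9]
        problems = []
        if ut_type not in VALID_TYPES:
            problems.append("bad ut_type %d" % ut_type)
        for name, raw in (("ut_line", line), ("ut_user", user), ("ut_host", host)):
            if _text(raw) is None:
                problems.append("non-printable bytes in " + name)
        if ut_type != 0 and tv_sec == 0:
            problems.append("zero timestamp (last prints the epoch)")
        yield i, problems
    if tail:
        yield whole, ["%d trailing bytes: some writer used another record size" % tail]

def make(ut_type, line, user, host, sec):
    """Build one well-formed record (helper for the constructed sample)."""
    return REC.pack(ut_type, 4242, line, b"", user, host, 0, 0, 0, sec, 0, 0, 0, 0, 0, b"")

# Constructed sample: two good records with a shorter record between them. SHORT is
# illustrative (64-byte host, one 4-byte time), not an exact historic layout.
SHORT = struct.Struct("<hxxi32s4s32s64si")
SAMPLE = (make(7, b"pts/0", b"alice", b"host.example", 946684800)
          + SHORT.pack(7, 4243, b"pts/1", b"", b"bob", b"old.example", 946684900)
          + make(8, b"pts/0", b"", b"", 946685000))

if __name__ == "__main__":
    for index, problems in check_records(SAMPLE):
        print(index, problems or "ok")
```

Once a short record lands in the file, every later read is misaligned: the second slot's timestamp is read from the middle of the next record's host field, which is the same zero-time symptom as the "Wed Dec 31 19:00" lines in the quoted output.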