Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!olivea!samsung!think.com!yale.edu!cs.yale.edu!fractal.math.yale.edu!fn From: fn@fractal.math.yale.edu (Francois Normant) Newsgroups: comp.unix.aix Subject: Re: ghost user processes Message-ID: <1991Jun21.212751.741@cs.yale.edu> Date: 21 Jun 91 21:27:51 GMT References: <1991Jun21.200251.9745@uokmax.ecn.uoknor.edu> Sender: news@cs.yale.edu (Usenet News) Organization: Yale University - Mathematics Department Lines: 113 Nntp-Posting-Host: fractal.math.yale.edu In article <1991Jun21.200251.9745@uokmax.ecn.uoknor.edu> stsiegem@uokmax.ecn.uoknor.edu (Stephan Siegemund-Broka) writes: >Does anyone out there know a fix for the corrupted utmp database? >It seems that rlogin sessions when they exit don't properly zero out >the data base in utmp and so finger or w report ghost sessions that >aren't really there (they don't show up in ps for example). >Thanks. Here is a daemon posted on this newsgroup a few month ago by John F. Haugh II | Distribution to | UUCP: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org In article <1991Mar25.164317.9775@rs6000.cmp.ilstu.edu> dbeedle@rs6000.cmp.ilstu.edu (Dave Beedle) writes: > Hi all. I've got a strange problem going on with AIX 3003. When I do >a who or an Finger I see one user (not the same all the time) who appears >to have been logged on for 26 (or more) days. The user is not currently >logged on and has no processes running. What is going on? We recently >installed xwindows, pcsim, AIX access, and a compiler or two. I've mentioned this several times, so here is the source code. This code is being provided without warrantee (or even a copyright notice). Use it at your own risk. Compile this program with "cc -o /etc/utmpd utmpd.c" and run in the background with "nohup /etc/utmpd < /dev/null > /dev/null 2>&1 &" from your /etc/rc file. I use it on this system to clean up utmp file entries left over from various programs that create sessions on pty devices. DISCLAIMER: I speak for myself only. My employers are not responsible for what I post here and will not provide support for this code or anything it may do to your system. Use at your own risk. -- ---- begin utmpd.c ---- #include #include #include main () { int fd; struct utmp utmp; while (1) { if ((fd = open ("/etc/utmp", O_RDWR)) < 0) exit (1); while (read (fd, &utmp, sizeof utmp) == sizeof utmp) { if (utmp.ut_type == USER_PROCESS && kill (utmp.ut_pid, 0) != 0) { lseek (fd, - (long) sizeof utmp, 1); utmp.ut_type = DEAD_PROCESS; write (fd, &utmp, sizeof utmp); } } close (fd); } close (fd); sleep (60); } } ---- end utmpd.c ---- and adapted by David Crow (512) 823-4834 IBM VNET: dlcrow@austin AIX Systems Graphics Development Internet: crow@waterloo.austin.ibm.com This is the code that John Haugh posted to clean out the utmp file. I have changed it a little bit since he posted it, so it is not exactly the same. I think that the only thing that I did was take out a while loop that encompassed the entire program and made it more like a daemon. As John says in the comment, this is public domain. This is NOT an official program from IBM. /* * this code is in the public domain. do with it as you * please. - jfh. 12/19/90 */ #include #include #include main () { int fd; struct utmp utmp; if ((fd = open ("/etc/utmp", O_RDWR)) < 0) { printf("Could not open /etc/utmp\n"); exit (1); } while (read (fd, &utmp, sizeof utmp) == sizeof utmp) { if (utmp.ut_type != DEAD_PROCESS && kill (utmp.ut_pid, 0) != 0) { lseek (fd, - (long) sizeof utmp, 1); utmp.ut_type = DEAD_PROCESS; if ( write (fd, &utmp, sizeof utmp) != sizeof utmp ) { close(fd); printf("Could not write to /etc/utmp\n"); exit(1); } } } close (fd); } -- Francois Normant - fn@math.yale.edu Yale University - Mathematics Department Box 2155 - Yale Station New Haven CT 06520