Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!codas!peora!pesnta!phri!roy
From: roy@phri.UUCP
Newsgroups: comp.unix.wizards
Subject: How do you define "logged in"?
Message-ID: <2585@phri.UUCP>
Date: Sun, 1-Feb-87 12:54:53 EST
Article-I.D.: phri.2585
Posted: Sun Feb  1 12:54:53 1987
Date-Received: Tue, 3-Feb-87 01:45:02 EST
Reply-To: roy@phri.UUCP (Roy Smith)
Organization: Public Health Research Inst. (NY, NY)
Lines: 60


	Can somebody give me a good definition of "being logged in"?  We've
got a 4.2BSD Vax and a bunch of Sun 3.1 Sun-3's, each of which seem to have
a different idea of what it means to be logged in.

	On a Sun workstation, if you run w, it shows you being logged in
multiple times, once for each window (just the windows running shells, I
think).  W also has a tendency not to realize when you log out -- I think
as long as a pty doesn't get reused, w still thinks you are logged in
there.  On the other hand, w on the Sun correctly shows people who are
logged in via network connections (rlogin or telnet), while the Vax seems
to ignore those.  Running who or last on the Vax also misses the network
logins, but lastcomm records commands run on network login connections and
when you login, the "Last login:" message does take into account network
connections.

	Moving on to rwho, we see that the Sun file servers properly report
the number of people who are logged in (either on the console or via the
network), while the Vax only reports serial line logins, missing the
network connections, and the diskless Suns always show 0 people logged,
regardless of how they are connected (I'm not sure about logins directly on
the serial ports, tty[ab]).  All machines seem to get the load and uptime
stats out, so I assume rwhod is running OK.

	As it stands now, it seems that the concept of "being logged in"
depends on a variety of things: process ownership, tty/pty ownership,
presence or absence of a controlling tty, and entries made in various
accounting files during login and logout.  Various programs seem to look at
different subsets of these to glean their information.  Consider the
following situations:

	1) On a tty, running a shell
	2) On a tty running something like uucico.
	3) On a pty, running rlogin or telnet, or an interactive rsh.
	4) On a pty, using some sort of interactive LAT protocol.
	5) On the console of a workstation running a shell and/or suntools.
	6) On a non-pty socket running ftp.
	7) Running a shell in a window.
	8) On a non-pty socket, executing a remote command via rsh.
	9) On a non-pty socket, doing rcp, rmt, yp, finger, syslog, SMTP, etc.
	10) Talking NFS (or RFS, etc).
	11) Going through a machine used as a terminal concentrator.
	12) A process running on a tty not for a person (lpr, berknet, SLIP)

	I would consider the 1-5 to be logged in, and 7-12 not.  6 is a bit
hazy, but I think I would put it in the first category.  The essential
things seems to be that a) you are doing something interactive and b) you
went through some sort of username/password authentication.  Rlogin will
let you bypass the authentication procedure if you have your network set up
right (although security-minded folks would call it just the opposite), but
it still looks like a login and feels like a login, so it would be silly to
call it anything else.

	Any comments?
-- 
Roy Smith, {allegra,cmcl2,philabs}!phri!roy
System Administrator, Public Health Research Institute
455 First Avenue, New York, NY 10016

"you can't spell deoxyribonucleic without unix!"