utmp and wtmp corruption...

Post by Richard Baint » Wed, 17 Nov 1993 04:22:43

Good Morning,

  Well we've got some problems with our utmp and wtmp files and just
  going in and blindly editing them is a real nuisance. I'm running
  Solaris 2.2 and I've tried the fwtmp program to get it into ascii
  form. The problem being that it's hard to do on a live system. My real
  confusion arises in the fact that utmp isn't cleared out at boot
  time. I understand wtmp staying around, but shouldn't utmp be cleared
  out and have new timestamps and all put in it? Our machine thinks it's
  been up 11 days and had 30 odd users when I had just rebooted the
  beast this morning. It also has old entry pairs like this:

  tcp      PMN0                  12481  6 0000 0000 753293191 Sun Nov 14 10:06:31 1993
  zsmon    PMO0                  12482  6 0000 0000 753293191 Sun Nov 14 10:06:31

  Can I just blow those away? Can I just blow utmp away and reboot? How
  does one make sure utmp is clean when booting? Although we do stats
  from wtmp, it's not as important since the stats are used as just
  rough estimates. I deleted out the entries for the users who had been
  in the utmp file through the reboot, and I hope that fixes it well enough.

  Thanks for any and all hints/suggestions/pointers.


Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas

Note: The views may not reflect my employer's, or even my own for that matter.
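
An added example, not part of the original post and not Solaris code: a Python check over fwtmp ASCII output that flags the condition described above, live utmp entries stamped before the newest boot record. The column layout is assumed from the two lines quoted in the post; the boot record and the "alice" login in the sample are constructed.

```python
import re

# ut_type values from the System V <utmp.h>
BOOT_TIME, INIT_PROCESS, LOGIN_PROCESS, USER_PROCESS = 2, 5, 6, 7
LIVE_TYPES = {INIT_PROCESS, LOGIN_PROCESS, USER_PROCESS}

# pid, type, two exit-status fields, epoch seconds. Anchoring on this numeric
# run keeps parsing correct when the line (tty) column is blank.
NUMERIC = re.compile(r"\s(\d+)\s+(\d+)\s+(\d{4})\s+(\d{4})\s+(\d+)(?:\s|$)")

def parse_fwtmp(text):
    """Parse fwtmp ASCII output into a list of dict records."""
    records = []
    for raw in text.splitlines():
        m = NUMERIC.search(raw)
        if not m:
            continue  # blank or unrecognised line
        # Name columns are assigned by position, so a record with a blank
        # user column is labelled loosely; the check uses only type and time.
        names = raw[:m.start()].split()
        pid, ut_type, _term, _exit, when = m.groups()
        records.append({
            "user": names[0] if names else "",
            "id": names[1] if len(names) > 1 else "",
            "line": names[2] if len(names) > 2 else "",
            "pid": int(pid), "type": int(ut_type), "time": int(when),
        })
    return records

def stale_entries(records):
    """Return live-type records stamped before the newest BOOT_TIME record."""
    boots = [r["time"] for r in records if r["type"] == BOOT_TIME]
    if not boots:
        return []  # no boot record: nothing to compare against
    boot = max(boots)
    return [r for r in records if r["type"] in LIVE_TYPES and r["time"] < boot]

# Constructed sample: the two entries quoted in the post, plus a made-up boot
# record and login from the morning of the reboot.
SAMPLE = """\
tcp      PMN0                  12481  6 0000 0000 753293191 Sun Nov 14 10:06:31 1993
zsmon    PMO0                  12482  6 0000 0000 753293191 Sun Nov 14 10:06:31
         system boot               0  2 0000 0000 753458400 Tue Nov 16 08:00:00 1993
alice    co10     console        301  7 0000 0000 753458700 Tue Nov 16 08:05:00 1993
"""

if __name__ == "__main__":
    for r in stale_entries(parse_fwtmp(SAMPLE)):
        print("stale:", r["user"], r["id"], r["pid"], r["time"])
```
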


I have a strange problem with my Red Hat 6.0 box.  All of a sudden and
for no discernable reason, the following things started happening:

1.  The telnet login prompt used to simply say:


But now it says:

tesla.dailyjolt.com login:

(tesla = the hostname of the machine)

And I am quite positive that no one changed any of the telnetd config
files to cause this.

2.  When I log in via ssh, I show up in w, who, finger.  However, when
I telnet in, I don't show up in any of these.  (The system seems not to
know that I am logged in when I come in through telnet.)

3.  When I run a who command, I get garbled output like the following:

[~] > who
amitai   pts/1    Jan  3 17:20 (squelch.ooi.net)
.ipt.aol?DC^G logged off ??(tty??) 5:20pm

There are two people logged on -- one named 'amitai' (who seems to be
showing up fine in the who output), and one named 'mike' who is logged
on through AOL.  Since the second, garbled line contains the
string 'ipt.aol' it seems to me that who is trying to display a line
for mike (the aol guy), but the text is getting all garbled.

Does anyone have any ideas about what might cause these problems?  We
have considered corruption of the utmp and/or wtmp files, but they look

Thanks for any help,

P.S.  Note:  I don't necessarily have any reason to believe that these
two problems stem from the same cause, i.e., they could be totally
unrelated.  All I know is that they both started happening at the same
time.  But we all know that temporal proximity does not causality
make! :)

