Bug 4124

Summary: output of who and last does not match
Product: [Retired] Red Hat Linux Reporter: mw
Component: wu-ftpdAssignee: David Lawrence <dkl>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: mw
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-08-21 15:28:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description mw 1999-07-20 18:50:28 UTC 
I run an anonftp server, and when I type `last' I see
entries that are still logged on till the last reboot on
July 19 (today is July 20).  On the other hand, who seems to
output correctly.

Here is an example I am doing right now (July 20, 1:30 PM)

$ last -R|grep "Jul 19"|grep still|tail
ftp      ftp          Mon Jul 19 12:22   still logged in
ftp      ftp          Mon Jul 19 12:21   still logged in
ftp      ftp          Mon Jul 19 12:21   still logged in
ftp      ftp          Mon Jul 19 12:20   still logged in
ftp      ftp          Mon Jul 19 12:19   still logged in
ftp      ftp          Mon Jul 19 12:08   still logged in
mw       pts/2        Mon Jul 19 12:07   still logged in
mw       pts/1        Mon Jul 19 12:03   still logged in
mw       pts/0        Mon Jul 19 12:03   still logged in
ftp      ftp          Mon Jul 19 12:02   still logged in


$ who
mw       pts/0    Jul 19 12:03
mw       pts/1    Jul 19 12:03
mw       pts/2    Jul 19 12:07 (:0)
mw       pts/3    Jul 19 14:39 (:0)

It seems `last' never notices when an ftp login happens:

In one xterm:
$ ncftp moni.msci.memphis.edu

In another xterm
$ last -1|less
ftp      ftp          moni.msci.memphi Tue Jul 20 13:43
still logged in

In the first xterm:
ncftp / > bye

In the second xterm

 last -1|less
ftp      ftp          moni.msci.memphi Tue Jul 20 13:43
still logged in

and this entry will stay there forever (until the next
reboot).

Thx

Mate

Mate Wierdl
Comment 1 mw 1999-07-20 18:55:59 UTC 
make it

"last does not seem to notice when an anonftp logout happens"

Mate Wierdl
Comment 2 Michael K. Johnson 1999-08-02 16:24:59 UTC 
Changed component to wu-ftpd because at first glance I think it
might be a bug in the pamification of wu-ftpd.  I haven't looked
into it yet so I might be wrong...
Comment 3 mw 1999-08-02 17:28:59 UTC 
Well, it seems that the command `who' does not note ftp logins at all.

While I am logged in via ftp and telnet, I run who in two different
ways:

$ who
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
$ who /var/log/wtmp
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
mw       ftpd31180 Aug  2 13:13 (wierdlmpc.msci.memphis.edu)

The above certainly leaves it a mistery *what* file who checks for
login info; according to `man who', it checks the nonexisting
/etc/utmp file.

Now here is the problem: even after I logout from ftp, I see

$ who /var/log/wtmp
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
mw       ftpd31180 Aug  2 13:13 (wierdlmpc.msci.memphis.edu)

Let me add I noticed this both on a 5.2 and a 6.0 system.
Comment 4 Michael K. Johnson 1999-08-02 20:44:59 UTC 
Additional report from pam-list, posted by Alex Yu:
> From: Gregory A Lundberg [lundberg+wuftpd]
> Sent: Monday, August 02, 1999 4:24 PM
> To: Alex Yu
> Cc: WUFTPD Development Group
> Subject: Re: FW: last and pam
>
>
> A Debian maintainer is claiming much the same.
>
> After having read the code, and thinking about the state of the
daemon at
> the various points, I see three possible solutions:
>
>  - live with it.  It's broken and cannot be fixed.
>
>  - use the -W command-line switch.  That will prevent any FTP
> sessions from
>    logging to wtmp.  At least you'll be keeping your wtmp file
clean.
>
>  - give me a few minutes and I'll rip the entire pile of crap from
the
>    source kit.  That way there's no support at all for wtmp
> logging.  Then,
>    when we rewrite the daemon, maybe we can put the functions back
in.
>
> As it is right now, I do not believe wtmp logging works correctly
> for guest
> or anonymous users.  I do not believe it is even possible to make it
work
> correctly.  So I'm recomending my third course of action as the
> solution to
> be incorporated in the 2.6.0.
>
> --
>
> Gregory A Lundberg              WU-FTPD Development Group
> 1441 Elmdale Drive              lundberg
> Kettering, OH 45409-1615 USA    1-800-809-2195
Comment 5 Michael K. Johnson 1999-08-03 15:27:59 UTC 
A patch is reported to be available at:
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/glibc.wtmp.patch
Comment 6 Michael K. Johnson 1999-08-03 16:37:59 UTC 
Mate reports in private email that the fix works for him.
Thanks, Mate!
Comment 7 Jeff Johnson 1999-08-21 15:28:59 UTC 
*** This bug has been marked as a duplicate of 3482 ***