Bug 124298 - /usr/bin/who lists users that are not logged in.
/usr/bin/who lists users that are not logged in.
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: coreutils (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
Depends On:
Blocks: 156320
  Show dependency treegraph
Reported: 2004-05-25 10:36 EDT by Paul Waterman
Modified: 2007-11-30 17:07 EST (History)
6 users (show)

See Also:
Fixed In Version: RHBA-2005-544
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-28 13:01:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Ignore stale utmp entries when listing user processes (1001 bytes, patch)
2005-01-13 11:41 EST, David Lehman
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:544 qe-ready SHIPPED_LIVE coreutils bug fix update 2005-09-28 00:00:00 EDT

  None (edit)
Description Paul Waterman 2004-05-25 10:36:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)

Description of problem:
The /usr/bin/who program lists users that are not logged in and do not
even have any processes running on the system.

This appears to be caused when terminal windows are killed.

For example, the following shows /usr/bin/who listing "aankola1" as
being logged in multiple times, but there is not a single process
associated with that username on the system:

% /usr/bin/who
srao3    pts/0        May 10 11:31 (:1.0)  
srao3    pts/2        May 10 11:32 (:1.0)  
srao3    pts/3        May 10 11:52 (:1.0)  
srao3    pts/4        May 10 13:19 (:1.0)  
srao3    pts/5        May 11 10:34 (:1.0)  
srao3    pts/6        May 14 14:41 (:1.0)  
srao3    pts/7        May 14 14:59 (:1.0)  
srao3    pts/8        May 15 17:17 (:1.0)  
srao3    pts/9        May 15 17:20 (:1.0)  
aankola1 pts/12       May 10 16:53 (:2.0)  
aankola1 pts/13       May 10 16:53 (:2.0)  
aankola1 pts/14       May 10 16:53 (:2.0)  
aankola1 pts/15       May 10 16:53 (:2.0)  
aankola1 pts/16       May 10 16:53 (:2.0)  
aankola1 pts/17       May 10 16:53 (:2.0)  
aankola1 pts/18       May 10 16:53 (:2.0)  
aankola1 pts/19       May 10 16:53 (:2.0)  
aankola1 pts/20       May 10 16:53 (:2.0)  
aankola1 pts/21       May 10 16:53 (:2.0)  
aankola1 pts/22       May 10 16:53 (:2.0)  
aankola1 pts/23       May 10 16:53 (:2.0)  
aankola1 pts/24       May 10 16:53 (:2.0)  
srao3    pts/27       May 11 10:58 (:1.0)  
srao3    pts/28       May 11 13:29 (:1.0)  
srao3    pts/29       May 11 15:26 (:1.0)  
a19184   pts/30       May 12 07:05 ([system name])
srao3    pts/31       May 13 13:37 (:1.0)  
qa4669   pts/10       May 19 14:08 ([system name])

% /bin/ps -U aankola1
  PID TTY          TIME CMD
[no processes listed]

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Login to a system
2. Open several terminal windows
3. Kill those terminal windows
4. Run /usr/bin/who and see them still listed

Additional info:
Comment 1 Tim Waugh 2004-05-25 10:38:44 EDT
Those terminal windows are responsible for cleaning up utmp.  'who'
just reports what utmp says.
Comment 2 Paul Waterman 2004-05-25 10:45:52 EDT
Additional notes:

1) This problem is not specific to gnome-terminal -- the exact same
thing happens with, e.g., /usr/bin/xterm

2) The problem appears to be specific to /usr/bin/who -- the
/usr/bin/w program, for example, does not return these bogus entries.
Comment 3 Luke Meyer 2004-06-24 10:56:11 EDT
I'd like to note that I installed RHEL 3 Desktop and am seeing this
also.  It's particularly annoying because userdel -r balks at removing
these users.
Comment 4 Greg 2004-07-02 17:12:51 EDT
This seems to be related to the bug I reported earlier regarding finger:


Alan Cox provided a fix for finger, but looks like a similar one is
needed for who as well.  Here's the background info regarding the fix
he developed from fedoranews.org:

Update Information:

Finger mishandled stale utmp entries and also entries from remote X
sessions. This would cause random idle times and spurious users to
be shown.

Comment 5 David Lehman 2005-01-13 11:41:20 EST
Created attachment 109726 [details]
Ignore stale utmp entries when listing user processes
Comment 7 Tim Waugh 2005-03-23 08:43:35 EST
This is not a fix but a work-around.  There shouldn't *be* stale utmp entries in
the first instance.
Comment 8 Tim Waugh 2005-03-24 06:15:21 EST
Or rather, there may be stale utmp entries, but:

- any process IDs associated with stale utmp entries may be re-used by unrelated

- 'who FILE' can be used to examine the contents of a utmp file that has been
transferred from a different machine, and so there must be no additional check
in that case
Comment 9 David Lehman 2005-05-13 18:46:18 EDT
I've been able to reproduce this at will using xterm but have been unsuccessful
with gnome-terminal.

Perhaps someone who sees this with gnome-terminal can provide straces (strace
-f, preferably before any other gnome-terminals are running, otherwise attach to
gnome-pty-helper process as well) and output of who before and after killing the
Comment 10 Tim Waugh 2005-06-01 11:39:36 EDT
Regarding the issue of 'who' reporting utmp entries that ought to be ignored
(because the associated process no longer exists):

This has been fixed upstream, and will be fixed in the soon-to-be-released
Fedora Core 4.

Neither Red Hat Enterprise Linux 3 nor Red Hat Enterprise Linux 4 have the fix;
however, it is a relatively harmless bug.

Regarding the issue of 'gnome-terminal' leaving stale utmp entries when the
window is killed: this has not been addressed to my knowledge.  Please open a
separate bug report for that, with the strace output.
Comment 11 Paul Waterman 2005-06-01 16:49:19 EDT
If this fix hasn't been backported into RHEL 3, does it really make sense to
close a bug specifically opened against RHEL 3?

This bug may be trivial, but it does have real-world implications in an
Enterprise environment.

For example, we found this bug because we're using a load balancing solution
that depends on this data to determine number of users logged into a machine.
Bogus login info means that load balancing based on number of users logged in
doesn't work right.
Comment 21 Red Hat Bugzilla 2005-09-28 13:01:07 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.