Red Hat Bugzilla – Bug 124298
/usr/bin/who lists users that are not logged in.
Last modified: 2007-11-30 17:07:02 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Description of problem: The /usr/bin/who program lists users that are not logged in and do not even have any processes running on the system. This appears to be caused when terminal windows are killed. For example, the following shows /usr/bin/who listing "aankola1" as being logged in multiple times, but there is not a single process associated with that username on the system: % /usr/bin/who srao3 pts/0 May 10 11:31 (:1.0) srao3 pts/2 May 10 11:32 (:1.0) srao3 pts/3 May 10 11:52 (:1.0) srao3 pts/4 May 10 13:19 (:1.0) srao3 pts/5 May 11 10:34 (:1.0) srao3 pts/6 May 14 14:41 (:1.0) srao3 pts/7 May 14 14:59 (:1.0) srao3 pts/8 May 15 17:17 (:1.0) srao3 pts/9 May 15 17:20 (:1.0) aankola1 pts/12 May 10 16:53 (:2.0) aankola1 pts/13 May 10 16:53 (:2.0) aankola1 pts/14 May 10 16:53 (:2.0) aankola1 pts/15 May 10 16:53 (:2.0) aankola1 pts/16 May 10 16:53 (:2.0) aankola1 pts/17 May 10 16:53 (:2.0) aankola1 pts/18 May 10 16:53 (:2.0) aankola1 pts/19 May 10 16:53 (:2.0) aankola1 pts/20 May 10 16:53 (:2.0) aankola1 pts/21 May 10 16:53 (:2.0) aankola1 pts/22 May 10 16:53 (:2.0) aankola1 pts/23 May 10 16:53 (:2.0) aankola1 pts/24 May 10 16:53 (:2.0) srao3 pts/27 May 11 10:58 (:1.0) srao3 pts/28 May 11 13:29 (:1.0) srao3 pts/29 May 11 15:26 (:1.0) a19184 pts/30 May 12 07:05 ([system name]) srao3 pts/31 May 13 13:37 (:1.0) qa4669 pts/10 May 19 14:08 ([system name]) % /bin/ps -U aankola1 PID TTY TIME CMD [no processes listed] Version-Release number of selected component (if applicable): coreutils-4.5.3-26 How reproducible: Always Steps to Reproduce: 1. Login to a system 2. Open several terminal windows 3. Kill those terminal windows 4. Run /usr/bin/who and see them still listed Additional info:
Those terminal windows are responsible for cleaning up utmp. 'who' just reports what utmp says.
Additional notes: 1) This problem is not specific to gnome-terminal -- the exact same thing happens with, e.g., /usr/bin/xterm 2) The problem appears to be specific to /usr/bin/who -- the /usr/bin/w program, for example, does not return these bogus entries.
I'd like to note that I installed RHEL 3 Desktop and am seeing this also. It's particularly annoying because userdel -r balks at removing these users.
This seems to be related to the bug I reported earlier regarding finger: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124310 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125589 Alan Cox provided a fix for finger, but looks like a similar one is needed for who as well. Here's the background info regarding the fix he developed from fedoranews.org: Update Information: Finger mishandled stale utmp entries and also entries from remote X sessions. This would cause random idle times and spurious users to be shown. http://fedoranews.org/updates/FEDORA-2004-181.shtml
Created attachment 109726 [details] Ignore stale utmp entries when listing user processes
This is not a fix but a work-around. There shouldn't *be* stale utmp entries in the first instance.
Or rather, there may be stale utmp entries, but: - any process IDs associated with stale utmp entries may be re-used by unrelated processes - 'who FILE' can be used to examine the contents of a utmp file that has been transferred from a different machine, and so there must be no additional check in that case
I've been able to reproduce this at will using xterm but have been unsuccessful with gnome-terminal. Perhaps someone who sees this with gnome-terminal can provide straces (strace -f, preferably before any other gnome-terminals are running, otherwise attach to gnome-pty-helper process as well) and output of who before and after killing the gnome-terminals.
Regarding the issue of 'who' reporting utmp entries that ought to be ignored (because the associated process no longer exists): This has been fixed upstream, and will be fixed in the soon-to-be-released Fedora Core 4. Neither Red Hat Enterprise Linux 3 nor Red Hat Enterprise Linux 4 have the fix; however, it is a relatively harmless bug. Regarding the issue of 'gnome-terminal' leaving stale utmp entries when the window is killed: this has not been addressed to my knowledge. Please open a separate bug report for that, with the strace output.
If this fix hasn't been backported into RHEL 3, does it really make sense to close a bug specifically opened against RHEL 3? This bug may be trivial, but it does have real-world implications in an Enterprise environment. For example, we found this bug because we're using a load balancing solution that depends on this data to determine number of users logged into a machine. Bogus login info means that load balancing based on number of users logged in doesn't work right.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-544.html