Bug 124298 - /usr/bin/who lists users that are not logged in.
Summary: /usr/bin/who lists users that are not logged in.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: coreutils
Version: 3.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 156320
TreeView+ depends on / blocked
 
Reported: 2004-05-25 14:36 UTC by Paul Waterman
Modified: 2007-11-30 22:07 UTC (History)
6 users (show)

Fixed In Version: RHBA-2005-544
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-28 17:01:06 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Ignore stale utmp entries when listing user processes (1001 bytes, patch)
2005-01-13 16:41 UTC, David Lehman
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:544 0 qe-ready SHIPPED_LIVE coreutils bug fix update 2005-09-28 04:00:00 UTC

Description Paul Waterman 2004-05-25 14:36:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)
Gecko/20031007

Description of problem:
The /usr/bin/who program lists users that are not logged in and do not
even have any processes running on the system.

This appears to be caused when terminal windows are killed.

For example, the following shows /usr/bin/who listing "aankola1" as
being logged in multiple times, but there is not a single process
associated with that username on the system:

% /usr/bin/who
srao3    pts/0        May 10 11:31 (:1.0)  
srao3    pts/2        May 10 11:32 (:1.0)  
srao3    pts/3        May 10 11:52 (:1.0)  
srao3    pts/4        May 10 13:19 (:1.0)  
srao3    pts/5        May 11 10:34 (:1.0)  
srao3    pts/6        May 14 14:41 (:1.0)  
srao3    pts/7        May 14 14:59 (:1.0)  
srao3    pts/8        May 15 17:17 (:1.0)  
srao3    pts/9        May 15 17:20 (:1.0)  
aankola1 pts/12       May 10 16:53 (:2.0)  
aankola1 pts/13       May 10 16:53 (:2.0)  
aankola1 pts/14       May 10 16:53 (:2.0)  
aankola1 pts/15       May 10 16:53 (:2.0)  
aankola1 pts/16       May 10 16:53 (:2.0)  
aankola1 pts/17       May 10 16:53 (:2.0)  
aankola1 pts/18       May 10 16:53 (:2.0)  
aankola1 pts/19       May 10 16:53 (:2.0)  
aankola1 pts/20       May 10 16:53 (:2.0)  
aankola1 pts/21       May 10 16:53 (:2.0)  
aankola1 pts/22       May 10 16:53 (:2.0)  
aankola1 pts/23       May 10 16:53 (:2.0)  
aankola1 pts/24       May 10 16:53 (:2.0)  
srao3    pts/27       May 11 10:58 (:1.0)  
srao3    pts/28       May 11 13:29 (:1.0)  
srao3    pts/29       May 11 15:26 (:1.0)  
a19184   pts/30       May 12 07:05 ([system name])
srao3    pts/31       May 13 13:37 (:1.0)  
qa4669   pts/10       May 19 14:08 ([system name])

% /bin/ps -U aankola1
  PID TTY          TIME CMD
[no processes listed]

Version-Release number of selected component (if applicable):
coreutils-4.5.3-26

How reproducible:
Always

Steps to Reproduce:
1. Login to a system
2. Open several terminal windows
3. Kill those terminal windows
4. Run /usr/bin/who and see them still listed
    

Additional info:

Comment 1 Tim Waugh 2004-05-25 14:38:44 UTC
Those terminal windows are responsible for cleaning up utmp.  'who'
just reports what utmp says.

Comment 2 Paul Waterman 2004-05-25 14:45:52 UTC
Additional notes:

1) This problem is not specific to gnome-terminal -- the exact same
thing happens with, e.g., /usr/bin/xterm

2) The problem appears to be specific to /usr/bin/who -- the
/usr/bin/w program, for example, does not return these bogus entries.

Comment 3 Luke Meyer 2004-06-24 14:56:11 UTC
I'd like to note that I installed RHEL 3 Desktop and am seeing this
also.  It's particularly annoying because userdel -r balks at removing
these users.

Comment 4 Greg 2004-07-02 21:12:51 UTC
This seems to be related to the bug I reported earlier regarding finger:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124310
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125589

Alan Cox provided a fix for finger, but looks like a similar one is
needed for who as well.  Here's the background info regarding the fix
he developed from fedoranews.org:

Update Information:

Finger mishandled stale utmp entries and also entries from remote X
sessions. This would cause random idle times and spurious users to
be shown.

http://fedoranews.org/updates/FEDORA-2004-181.shtml

Comment 5 David Lehman 2005-01-13 16:41:20 UTC
Created attachment 109726 [details]
Ignore stale utmp entries when listing user processes

Comment 7 Tim Waugh 2005-03-23 13:43:35 UTC
This is not a fix but a work-around.  There shouldn't *be* stale utmp entries in
the first instance.

Comment 8 Tim Waugh 2005-03-24 11:15:21 UTC
Or rather, there may be stale utmp entries, but:

- any process IDs associated with stale utmp entries may be re-used by unrelated
processes

- 'who FILE' can be used to examine the contents of a utmp file that has been
transferred from a different machine, and so there must be no additional check
in that case


Comment 9 David Lehman 2005-05-13 22:46:18 UTC
I've been able to reproduce this at will using xterm but have been unsuccessful
with gnome-terminal.

Perhaps someone who sees this with gnome-terminal can provide straces (strace
-f, preferably before any other gnome-terminals are running, otherwise attach to
gnome-pty-helper process as well) and output of who before and after killing the
gnome-terminals.


Comment 10 Tim Waugh 2005-06-01 15:39:36 UTC
Regarding the issue of 'who' reporting utmp entries that ought to be ignored
(because the associated process no longer exists):

This has been fixed upstream, and will be fixed in the soon-to-be-released
Fedora Core 4.

Neither Red Hat Enterprise Linux 3 nor Red Hat Enterprise Linux 4 have the fix;
however, it is a relatively harmless bug.

Regarding the issue of 'gnome-terminal' leaving stale utmp entries when the
window is killed: this has not been addressed to my knowledge.  Please open a
separate bug report for that, with the strace output.

Comment 11 Paul Waterman 2005-06-01 20:49:19 UTC
If this fix hasn't been backported into RHEL 3, does it really make sense to
close a bug specifically opened against RHEL 3?

This bug may be trivial, but it does have real-world implications in an
Enterprise environment.

For example, we found this bug because we're using a load balancing solution
that depends on this data to determine number of users logged into a machine.
Bogus login info means that load balancing based on number of users logged in
doesn't work right.

Comment 21 Red Hat Bugzilla 2005-09-28 17:01:07 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-544.html



Note You need to log in before you can comment on or make changes to this bug.