From owner-freebsd-security Wed Jul 14 11:26:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ds9.sci.fi (ds9.sci.fi [195.74.0.54])
    by hub.freebsd.org (Postfix) with ESMTP id A586715402
    for ; Wed, 14 Jul 1999 11:26:00 -0700 (PDT)
    (envelope-from yurtesen@ispro.net.tr)
Received: from ispro.net.tr (dyn-0-150.tku.netti.fi [195.16.223.151])
    by ds9.sci.fi (8.9.1/8.9.1) with ESMTP id VAA24776;
    Wed, 14 Jul 1999 21:25:47 +0300 (EET DST)
Message-ID: <378CD6E8.D515E81D@ispro.net.tr>
Date: Wed, 14 Jul 1999 21:28:57 +0300
From: Evren Yurtesen
X-Mailer: Mozilla 4.51 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Anil Jangity
Cc: "Childers, Richard" , "'freebsd-security@freebsd.org '"
Subject: Re: weird w report?
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well, I have had the same kind of thing in FreeBSD 3.1-Stable, and I could
not find a way to log out the user. I also could not find any process owned
by that user! I thought the problem was with the /var/run/utmp file, which
is supposed to know the logged-in users... then I just deleted it by issuing

    cat /dev/null > /var/run/utmp

and everything is normal right now; it has been 2 weeks so far since this
weird thing. When I deleted it I found myself invisible too, and w was
saying there are 0 users logged in! Then I logged out and logged in again
and it was normal (for a moment I thought it might say -1 users or
something, though).

Evren

Anil Jangity wrote:

> |"I have a weird user logon."
> |
> |
> |
> |I don't mean to sound like an old grouch, here, but trouble reports that are
> |not accompanied by simple ASCII cut-and-paste examples of the 'here's what I
> |do, here's what I see' variety are worth almost nothing.
>
> Richard,
>
> I don't see how different this is from my explanation post but here goes:
>
> --------------------------------------------------------------------------
> [root@shell:~] w |grep drenica
> root     p6   fiber.entic.net  10:57AM      - grep drenica
> drenica  pj   98CC44E1.ipt.aol Thu07PM  5days -
> [root@shell:~] ls -la /dev/ttypj
> crw-rw-rw-  1 root  wheel    5,  19 Jul  8 19:31 /dev/ttypj
> [root@shell:~] w | grep drenica
> root     p6   fiber.entic.net  10:57AM      - grep drenica
> drenica  pj   98CC44E1.ipt.aol Thu07PM  5days -
> [root@shell:~] last drenica | grep pj
> drenica  ttypj  152.204.68.225  Thu Jul  8 19:24   still logged in
> [root@shell:~] ping 152.204.68.225
> PING 152.204.68.225 (152.204.68.225): 56 data bytes
> ^C36 bytes from 205.188.192.98: Destination Host Unreachable
> Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
>  4  5  00 5400 24de   0 0000  f0  01 7c3d 209.157.122.66  152.204.68.225
>
> --- 152.204.68.225 ping statistics ---
> 1 packets transmitted, 0 packets received, 100% packet loss
> [root@shell:~] su -l drenica
> [drenica@shell:~] ps
>   PID  TT  STAT      TIME COMMAND
> 12865  p6  S      0:00.08 -su (bash)
> 12868  p6  R+     0:00.00 ps
> [drenica@shell:~] kill -9 -1
> su: kill: (-1) - No such pid
> [drenica@shell:~] exit
> logout
> [root@shell:~] ps auxU drenica
> USER     PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED       TIME COMMAND
> [root@shell:~]
> [drenica@shell:~] ps
>   PID  TT  STAT      TIME COMMAND
> 12865  p6  S      0:00.08 -su (bash)
> 12868  p6  R+     0:00.00 ps
> [drenica@shell:~] kill -9 -1
> su: kill: (-1) - No such pid
>
> oh and:
> [root@shell:/var/log] uname -r
> 2.2.8-STABLE
>
> ;-)
> --------------------------------------------------------------------------
> I think a reboot will fix it, but I am not going to reboot over this. So,
> looking for other alternatives.
>
> Kind regards,
>
> Anil Jangity
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
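
The check both posters did by hand (a login record in w/last, but no process on that terminal) can be scripted. This is an added example, not part of the thread; the function name stale_sessions and the sample data are constructed for illustration, and it assumes `who` and `ps axo tty=` name terminals the same way on the system where it is run.

```shell
#!/bin/sh
# Added example (not from the thread): list login records whose terminal has
# no processes attached, i.e. the leftover utmp record described above.

# stale_sessions WHO_FILE TTY_FILE   (hypothetical helper)
#   WHO_FILE: saved `who` output (user in column 1, terminal in column 2)
#   TTY_FILE: saved `ps axo tty=` output (one controlling terminal per line)
# Prints "user terminal" for every login record with no process on its terminal.
stale_sessions() {
    awk '
        # First file: remember every terminal that still has a process.
        FILENAME == ARGV[1] {
            if ($1 != "" && $1 != "?" && $1 != "??" && $1 != "-") live[$1] = 1
            next
        }
        # Second file: a login record on a terminal with no process is stale.
        NF >= 2 && !($2 in live) { print $1, $2 }
    ' "$2" "$1"
}

# Constructed sample modelled on the session quoted in the post.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/who" <<'EOF'
root     ttyp6   Jul 14 10:57 (fiber.entic.net)
drenica  ttypj   Jul  8 19:24 (152.204.68.225)
EOF
    cat > "$dir/ttys" <<'EOF'
??
ttyp6
ttyp6
EOF
    stale_sessions "$dir/who" "$dir/ttys"
    rm -rf "$dir"
}

demo    # prints: drenica ttypj
```

On a live host, save `who` and `ps axo tty=` to two files and pass them in that order; a record that shows up here is a candidate for cleanup or closer inspection rather than proof of anything by itself.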