From owner-freebsd-questions@FreeBSD.ORG Thu Dec 16 20:35:42 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DBD5216A4CE for ; Thu, 16 Dec 2004 20:35:42 +0000 (GMT) Received: from orchid.homeunix.org (awn180.neoplus.adsl.tpnet.pl [83.27.73.180]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1A0643D41 for ; Thu, 16 Dec 2004 20:35:41 +0000 (GMT) (envelope-from freebsd@orchid.homeunix.org) Received: from [192.168.1.66] (blackacidevil.orchid.homeunix.org [192.168.1.66]) (authenticated bits=0) by orchid.homeunix.org (8.13.1/8.13.1) with ESMTP id iBGKZhIr099173 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 16 Dec 2004 21:35:44 +0100 (CET) (envelope-from freebsd@orchid.homeunix.org) Message-ID: <41C1F187.1000903@orchid.homeunix.org> Date: Thu, 16 Dec 2004 21:35:19 +0100 From: Karol Kwiatkowski User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <41C1D214.6080605@orchid.homeunix.org> <6.1.1.1.2.20041216150800.0c54d358@pop.gmail.com> In-Reply-To: <6.1.1.1.2.20041216150800.0c54d358@pop.gmail.com> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.80/614/Wed Dec 1 16:44:43 2004 clamav-milter version 0.80j on orchid.homeunix.org X-Virus-Status: Clean Subject: Re: user disappears from w and who X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd@orchid.homeunix.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2004 20:35:43 -0000 Brandon Lodriguss wrote: > It seems like utmp/wtmp is getting updated when the user logs out of the > second shell, then it ignores the fact that the user is still logged in to > the original shell. I've got curious and investigated a bit. It looks like when user logs in the second time (and it doesn't matter that he logs in as himself) system information gets updated just like the previous session was ended (like user logged off before logging in). I hope that will help someone with further investigation (I'm not familiar with the source). Here's a "proof": (ssh session, notice the time) > login as: joe > Password: > Last login: Thu Dec 16 18:46:02 2004 from name.of.a.box > [...motd...] > joe$ date > Thu Dec 16 20:18:12 CET 2004 > > [...I'm waiting here at least one minute...] > > joe$ login > login: joe > Last login: Thu Dec 16 20:18:00 from name.of.a.box > [...motd...] > joe$ date > Thu Dec 16 20:19:17 CET 2004 > > [...I'm waiting here at least one minute...] > > joe$ exit > joe$ date > Thu Dec 16 20:21:29 CET 2004 as root: > # last joe > joe ttyp0 Thu Dec 16 20:19 - 20:21 (00:02) > joe ttyp0 192.168.1.66 Thu Dec 16 20:18 - 20:19 (00:01) > [...] ^^^^^ last(1) reports user 'joe' logged off the same moment he logged in by typing 'login'. Finishing ssh connection (exit) results with this error in auth.log: > sshd[98620]: syslogin_perform_logout: logout() returned an error Also I tried logging 'joe' as different user second time - it doesn't matter. That's all from me, I hope someone will tell more. Regards, Karol -- Karol Kwiatkowski