Date:      Tue, 2 Feb 2010 00:32:16 +0100
From:      Ed Schouten <ed@80386.nl>
To:        Vincent Poy <vincepoy@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: HEADS UP: <utmp.h> gone. All welcome <utmpx.h>.
Message-ID:  <20100201233216.GL77705@hoeg.nl>
In-Reply-To: <429af92e1002011500q59b9ae09g908154ae63881ff5@mail.gmail.com>
References:  <429af92e1002011500q59b9ae09g908154ae63881ff5@mail.gmail.com>


Hello Vincent,

* Vincent Poy <vincepoy@gmail.com> wrote:
> I just updated to a January 31, 2010 -CURRENT from a -CURRENT prior to the
> above change and have a few questions and issues:
>
> 1) What's the correct way to use wtmpcvt(1) as the usage is wtmpcvt oldfile
> newfile
> out of the utmp, wtmp, lastlog, the utmp is not important as that's
> basically the current logins.  wtmp is not important either as that's just
> the recent monthly logins.  What is the correct procedure to convert lastlog
> as that is basically the database that showed when the last time a user
> logged on to the system so that when using lastlogin or finger, it will
> show when the person last logged in?
>
> I've tried wtmpcvt /var/log/lastlog /var/log/utx.lastlogin after backing up
> /var/log/utx.lastlogin but when I ran lastlogin, it was all blank.

Right now there is no way to convert lastlog files. The point is that
unlike you mentioned, the wtmp is actually the only important log file.
All information could in theory be derived from it. You could convert
wtmp files and use last -f to scroll through history to figure out when
someone logged in.

From an administrative point of view, you just want to be able to
inspect log files in case it turns out a couple of months earlier
something bad happened with your system (getting hacked, etc). lastlog
is a nice feature, but it should just be considered being a bonus.

Using wtmpcvt(1) on non-wtmp files will indeed generate unreadable data
files.

> 2) I noticed that for last for ftp sessions, it will not show it as a ftp
> session like how the previous utmp did even though w now shows the session
> when it's still connected, not sure if this is really a bad thing unless ftp
> isn't the only way to not use a tty.  It seems finger now will report the
> last login session which previously was only for tty sessions.
>
> <snip>

I have been thinking about possibly extending the utmpx interface to
include an application name string for login entries, like "sshd" or
"ftpd".

> 3) I noticed that it seems the system in the w, who, finger, last,
> lastlogin output is not recognizing additional sessions of the same user on
> a new tty if they are already logged in such as this example.  I am already
> logged in as vince on ptys/0 so I login again as vince on ptys/1:
> <snip>

This is very odd. Could you try debugging this a bit more? In order to
ease debugging, I extended the getent command. You should be able to use
the following commands:

- getent utmpx active
  Get list of active sessions (`utmp')
- getent utmpx log
  Get list of log entries (`wtmp')
- getent utmpx lastlogin
  Get list of last login entries (`lastlog')

When you log in, it should add a "user process" entry to the active
sessions database, append the same entry to the log and overwrite the
lastlogin entry for the corresponding user.

An advantage of these commands is that they just perform a raw dump of
the data on screen, instead of having many forms of unwanted processing
on top.

> lastlogin shows only the last ftp session but not acknowledging that the
> current ptys/1 session as the ptys/0 session is still active.
> vince@bigbang [2:44pm][~] >> lastlogin
> vince               solar                  Mon Feb  1 14:20:03 2010

No, but that's not what lastlogin is supposed to do. lastlogin will only
print information about the last login, which means it will only list
the FTP login.

> <snip>
>
> 4) the misc/screen port appears to be broken:
> <snip>

Are you sure your ports tree is up-to-date?

-- 
 Ed Schouten <ed@80386.nl>
 WWW: http://80386.nl/
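
The bookkeeping described in the message above (a login adds a "user process" entry to the active sessions, appends it to the log and overwrites the user's lastlogin entry), shown as an added example that is not code from the original message or from FreeBSD: a C sketch that rebuilds the active and lastlogin views by replaying log records. The `views` struct, `replay()`, the constructed `sample_log` records and the choice to key sessions on `ut_line` are assumptions made for illustration; only standard `struct utmpx` fields are used.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

#define MAXREC 16  /* capacity of this sketch, not a system limit */
#define SAME(x, y, f) (strncmp((x).f, (y).f, sizeof((x).f)) == 0)

struct views {                    /* both views are derived from the log */
    struct utmpx active[MAXREC];  /* open sessions, keyed by line (assumption) */
    struct utmpx last[MAXREC];    /* newest login, keyed by user */
    int nactive, nlast;
};

/* Constructed log: two pty logins, one ftp login, then pts/1 logs out. */
static const struct utmpx sample_log[] = {
    { .ut_type = USER_PROCESS, .ut_user = "vince", .ut_line = "pts/0", .ut_tv.tv_sec = 100 },
    { .ut_type = USER_PROCESS, .ut_user = "vince", .ut_line = "pts/1", .ut_tv.tv_sec = 200 },
    { .ut_type = USER_PROCESS, .ut_user = "vince", .ut_line = "ftp",   .ut_tv.tv_sec = 300 },
    { .ut_type = DEAD_PROCESS, .ut_line = "pts/1", .ut_tv.tv_sec = 400 },
};

/* Replay the log in order: a login adds or overwrites, a logout removes. */
struct views replay(const struct utmpx *log, int n)
{
    struct views v;
    memset(&v, 0, sizeof(v));
    for (int i = 0; i < n; i++) {
        const struct utmpx *e = &log[i];
        int a = 0, l = 0;
        while (a < v.nactive && !SAME(v.active[a], *e, ut_line)) a++;
        if (e->ut_type == DEAD_PROCESS && a < v.nactive)
            v.active[a] = v.active[--v.nactive];     /* session closed */
        if (e->ut_type != USER_PROCESS) continue;
        while (l < v.nlast && !SAME(v.last[l], *e, ut_user)) l++;
        if (a == v.nactive && a < MAXREC) v.nactive++;
        if (a < v.nactive) v.active[a] = *e;         /* active sessions */
        if (l == v.nlast && l < MAXREC) v.nlast++;
        if (l < v.nlast) v.last[l] = *e;             /* lastlogin */
    }
    return v;
}

int main(void)
{
    struct views v = replay(sample_log, 4);          /* 4 constructed records */
    printf("active=%d lastlogin=%s at %ld\n", v.nactive,
        v.last[0].ut_line, (long)v.last[0].ut_tv.tv_sec);
    return 0;
}
```

Replaying only the first three records leaves three active sessions for the same user while the lastlogin view still holds a single entry, the ftp login.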
