Re: utmp/wtmp problem!

2001-09-09 Thread will trillich 
On Fri, Aug 24, 2001 at 06:51:27AM +, nestea wrote:
> hi folks,
> 
> my debian box was newly installed, upgraded to unstable a week ago.  i 
> compiled 2.4.9 kernel yesterday and it works just fine.  this morning i login 
> as root and fire the 'w' command, i got weird result ;
> 
>  14:37:30 up 1 day, 20:30,  2 users,  load average: 0.00, 0.00, 0.00
> USER TTY  FROM  LOGIN@   IDLE   JCPU   PCPU  WHAT
> root pts/0xxx.xxx.xxx.xxx 09:460.00s  0.31s  0.01s  w 
> debian:/etc/init.d#

> i still have not idea ... i know i can 
> 'cat /dev/null > /var/run/utmp' and 
> 'cat /dev/null > /var/log/wtmp'
> 
> to resolve this, but i really want to know why.

as forrest gump said, "it happens". the wtmp file can get
borked, and then reports based on it can get fuxnored.

after moving/clobbering the files you may need to restart your
logging facilities; they will most likely still be writing their
information to their open file handles, which would still point
to the old (marked-for-deletion-or-whatever) files.

/etc/init.d/sysklogd restart|reload|yadayada 

-- 
DEBIAN NEWBIE TIP #67 from Colin Watson <[EMAIL PROTECTED]>
:
Did you know MANPAGES ARE IN SEVERAL SECTIONS?  For example,
user commands are in section 2 of the manual, and system
administration items are in section 8; to request a particular
section via "man" include it before the item:
man 7 regex
(otherwise you'll probably see regex from section 3 instead.)
To see ALL pages with a particular name, try
man -a regex
every matching manpage (from whichever section) will be
presented, one-by-one.

Also see http://newbieDoc.sourceForge.net/ ...

utmp/wtmp problem!

2001-08-24 Thread nestea 
hi folks,

my debian box was newly installed, upgraded to unstable a week ago.  i compiled 
2.4.9 kernel yesterday and it works just fine.  this morning i login as root 
and fire the 'w' command, i got weird result ;

 14:37:30 up 1 day, 20:30,  2 users,  load average: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@   IDLE   JCPU   PCPU  WHAT
root pts/0xxx.xxx.xxx.xxx 09:460.00s  0.31s  0.01s  w 
debian:/etc/init.d#

i wonder why it shows that there are currently 2 users, then i do a 'ps axf';

sunday:/etc/init.d# ps axf
  PID TTY  STAT   TIME COMMAND
7 ?SW 0:00 [kupdated]
6 ?SW 0:00 [bdflush]
5 ?SW 0:00 [kreclaimd]
4 ?SW 0:06 [kswapd]
3 ?SWN0:00 [ksoftirqd_CPU0]
1 ?S  0:03 init [2]  
2 ?SW 0:00 [keventd]
8 ?SW 0:05 [kjournald]
  127 ?S  0:00 /sbin/syslogd
  130 ?S  0:00 /sbin/klogd
  141 ?S  0:00 /usr/sbin/inetd
  154 ?S  0:04 /usr/sbin/sshd
 1852 ?S  0:01  \_ /usr/sbin/sshd
 1853 pts/0S  0:00  \_ -bash
 2427 pts/0R  0:00  \_ ps axf
  171 ?S  0:00 /usr/sbin/atd
  174 ?S  0:00 /usr/sbin/cron
  182 tty1 S  0:00 /sbin/getty 38400 tty1
  254 ?S  0:00 /usr/sbin/squid -D -sYC
  257 ?R  1:24  \_ (squid) -D -sYC
 2240 ?S  0:00  \_ (unlinkd)
sunday:/etc/init.d#

i still have not idea ... i know i can
'cat /dev/null > /var/run/utmp' and
'cat /dev/null > /var/log/wtmp'

to resolve this, but i really want to know why.

any idea?