[NTLUG:Discuss] ssh login

TJ Davis TJDavis at sagu.edu
Wed Aug 7 10:45:36 CDT 2002 

Now that I have been told that there is basically nothing that I can do
except for reboot, unless I understood wrong, I am satisfied.  That is all
that I needed to know.  Unfortunately rebooting is not an option.  Just to
clarify, the reason that I was concerned about it is because I use the "who"
and "w" command frequently just to check and see who is logged in for
security purposes but now I know that I cannot depend on that and I will no
longer continue to do so.  Thanks to everyone who provided info to help me
with this matter.

T.J. Davis
Southwestern A/G University
Information Technology
tjdavis at sagu.edu
(972) 937-4010 ext. 1255
1 Timothy 4:12



-----Original Message-----
From: Steve Baker [mailto:sjbaker1 at airmail.net]
Sent: Wednesday, August 07, 2002 8:36 AM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] ssh login


TJ Davis wrote:
> so do you have a solution as to how to fix the problem?  The first and 
> only suggestion did not work.

Well, firstly, to be absolutely clear about this: The user *ISN'T* still
logged in after the machine was rebooted - that's simply not possible.
It's only that the utmp/wtmp files didn't get updated to show that they
logged out - so if you *ask* whether they are logged in or not using 'who'
or something like it, you get the wrong answer.

So this shouldn't be a terrible security problem or a drain on system
resources or anything like that.

So - what can you do?

Unless this is causing you some kind of terrible grief - I'd do *nothing*
UNIX has been working like this since the early 1970's and everyone is used
to flakey results coming back out of utmp/wtmp.

But if you absolutely have to fix it, I'd wipe out the utmp/wtmp files on
reboot.  That'll ensure that they are not going to show any bogus
information from before the reboot - and the only loss will be that users
won't be told when they last logged in or logged out if the machine had
to be rebooted in the meantime.

Heck - this is Linux - machines frequently go for YEARS between reboots!

----------------------------- Steve Baker -------------------------------
Mail : <sjbaker1 at airmail.net>   WorkMail: <sjbaker at link.com>
URLs : http://www.sjbaker.org
        http://plib.sf.net http://tuxaqfh.sf.net http://tuxkart.sf.net
        http://prettypoly.sf.net http://freeglut.sf.net
        http://toobular.sf.net   http://lodestone.sf.net



_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ntlug.org/pipermail/discuss/attachments/20020807/d8a8396b/attachment.html

More information about the Discuss mailing list