bug-coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug or missing feature in who

From: Bob Proulx
Subject: Re: Bug or missing feature in who
Date: Thu, 24 May 2007 19:59:23 -0600
User-agent: Mutt/1.5.9i 
Alexander Schestag wrote:
> I think, I detected a bug or at least a missing feature in the "who"
> command.

The who command reports information found in the system utmp file.
But updating the contents of the utmp file is the responsibility of
the operating system.

> Assume the following situation:
> 
> - user1 is logged in. a "who" will show me this user.

The /bin/login program, and any replacement such as sshd or the
older telnetd, update the contents of the /var/run/utmp file when a
user logs into the session.

> - after that, user1 logs in as another user or as root via "su".

The su command does not update the utmp file.  Running su does not
change the name of the user who logged into that session.

> Unfortunately, in this situation, the "who" command doesn't list the
> user logged in via "su". Is this a bug, a missing feature, or is it a
> wanted behaviour of who?

It is not a bug.  It is expected behavior.  The 'su' command stacks
another process on top of the first with the new process being the new
user.  But this does not change who logged into that session.  The
first user logged into that terminal session and therefore the system
utmp file will continue to show the previous user on that session.
When you exit the stacked shell you will return to the previous user
session.

The utmp file is a very old part of unix-like systems.  I doubt if
today, 30 years later, that it would be implemented the way that it
was way back then.  Note that the utmp and wtmp files are running
totals kept by various system programs.  It is not unusual for system
events (e.g. disk full, crashed login shells) to cause them to be out
of sync with each other.  I would not use it for ultimate accuracy.

There is very little good use of the utmp file today.  Most people
using it should probably be using the user name of the current user
and not the user that logged into that terminal session.

> "who /var/log/wtmp/" lists the logged in root user,

The wtmp file attempts to track logins and logouts.  The utmp file
attempts to track currently logged in users.

> but it also lists users already logged out.

Correct.

> So, is there a way to tell "who" to list the users logged in via su
> as well?

Not with who.  AFAIK you would need to walk the process list for that
information.  There is really nothing special about a login process.
It is just a normal process.

If I read what you said right it sounds like you are logging in as
root and then using su to switch to a user.  In which case the logged
in user is root and the report is correct.

Bob
reply via email to
[Prev in Thread] Current Thread [Next in Thread]