w(5) shows non-existent or lost process?
Ian Smith
smithi at nimnet.asn.au
Wed Feb 18 00:09:02 PST 2009
On Tue, 17 Feb 2009 13:43:30 +0000 Anton Shterenlikht <mexas at bristol.ac.uk> wrote:
> The who (or w, or finger) command shows that I'm still logged into ttyp5,
> even though I have rebooted the <xxx> box many times since. Does this mean
> the corresponding entry in /var/run/utmp is wrong and shouldn't be there, or is there
> still some process attached to ttyp5?
Certainly the former, given you've rebooted. I've had occasions when
utmp gets silly, though not for ages. Abrupt shutdown / power loss?
> ouput of w:
>
> USER TTY FROM LOGIN@ IDLE WHAT
> mexas p4 <xxx> 1:32pm - w
> mexas p5 <xxx>:0. 26Jan09 21days -
>
> ps ax | grep ttyp5
> shows no process
ps would only list it as 'p5' anyway.
'w -d' may be a bit more informative:
% w -d
6:00PM up 68 days, 15:22, 1 user, load averages: 0.58, 0.23, 0.13
USER TTY FROM LOGIN@ IDLE WHAT
3733 login [pam] (login)
3734 -csh (csh)
7333 /bin/sh /usr/X11R6/bin/startx
7351 /usr/X11R6/bin/xinit /home/smithi/.xinitrc -- -auth /home/smithi/.serverauth.7333 -nolisten tcp
7352 X :0 -auth /home/smithi/.serverauth.7333 -nolisten tcp (Xorg)
7356 /bin/sh /usr/local/bin/startkde
7421 kwrapper ksmserver
smithi v7 - 12Dec08 68days /usr/X11R6/bin/xinit /home/smithi/.xinitrc -- -auth /
> Looking at w(1) man page it seems that "-" in WHAT can be an indication
> that the process failed but not cleanly and that there could be some forked
> sub-process still alive. Does this make sense? Which other commands I can use
> to see what's going on?
utmp(5) makes good bedtime reading :)
/var/log/wtmp can get messed up sometimes too, especially if you're
logged in when periodic(8) monthly rotates it, but tools include:
% last
smithi ttyp5 dolores Mon Feb 2 15:52 - 15:57 (00:05)
wtmp begins Mon Feb 2 15:52:27 EST 2009
!last -f /var/log/wtmp.0
smithi ttyp5 rock.-----.org Mon Jan 26 19:37 - 23:17 (03:40)
smithi ttyp5 rock.-----.org Thu Jan 15 21:30 - 21:45 (00:14)
smithi ttyp5 rock.-----.org Thu Jan 15 18:04 - 18:05 (00:00)
smithi ttyp5 rock.-----.org Thu Jan 15 18:01 - 18:03 (00:01)
somebody ftp ww.xxx.yyy.zz Thu Jan 1 10:47 - 10:50 (00:03)
[..]
% who
smithi ttyv7 Dec 12 02:39
% who /var/log/wtmp.0
[..]
somebody ftp61687 Jan 1 10:47 (ww.xxx.yyy.zz)
smithi ttyp5 Jan 15 18:01 (rock.-----.org)
smithi ttyp5 Jan 15 18:04 (rock.-----.org)
smithi ttyp5 Jan 15 21:30 (rock.-----.org)
smithi ttyp5 Jan 26 19:37 (rock.-----.org)
% who am i
smithi ttyp4 Feb 18 18:16
% tty
/dev/ttyp4
you could try opening enough xterms (ono) so your ttyp5 is used, then
exit them cleanly? Failing that, you can boot single user, mount /var,
rm /var/run/utmp, hit ^D (or reboot) .. IIRC I had to do that once; not
sure what happens if you rm /var/run/utmp while running multi-user! :)
cheers, Ian
More information about the freebsd-questions
mailing list