View previous topic :: View next topic |
Author |
Message |
phsdv Guru
Joined: 13 Mar 2005 Posts: 372 Location: Europe
|
Posted: Sat Jul 12, 2008 1:06 pm Post subject: who and last do not know user is logged in |
|
|
I am trying to prevent mythshutdown from shutting my system when a user is still logged in. I am planning to write a small script as suggested in an older thread that use 'who' or 'last'. However 'who' and 'last' do not seem to find any users. I am logged in a xfce session via xdm. 'who' returns nothing and 'last' gives: Code: | $ last | head
paul :0 Sat Jul 12 13:59 gone - no logout
reboot system boot 2.6.24-gentoo-r8 Sat Jul 12 13:58 (00:59)
paul :0 Sat Jul 12 13:19 - down (00:38) | user paul at display :0 is currently logged in, but last says he is is not really there (gone). What is wrong here? Maybe something to do with pam? Any ideas?
Code: | $ emerge --info
Portage 2.1.4.4 (!..//usr/portage/profiles/default/linux/x86/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r8 i686)
=================================================================
System uname: 2.6.24-gentoo-r8 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz
Timestamp of tree: Sat, 12 Jul 2008 01:30:01 +0000
app-shells/bash: 3.2_p33
dev-lang/python: 2.4.4-r13
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/openrc: 0.2.5
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.61-r2
sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distfiles distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="en_US"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/mnt/btrfs/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://meterkast/gentoo-portage"
USE="X a52 aac acl acpi alsa bash-completion berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dhcp dhcpip doc dri dvb dvd dvdr dvdread emboss encode evo exif faad2 fam fame ffmpeg firefox flac fortran gdbm gif gphoto2 gpm gstreamer gtk hal iconv isdnlog jack jpeg jpeg2k jpg kdeenablefinal lcms libnotify lirc mad midi mikmod mmx mmxext mp2 mp3 mpeg mudflap mysql mythtv ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppds pppd python qt3 qt3support qt4 quicktime readline real reflection sdl session smp spell spl sse sse2 ssl startup-notification svg tcpd theora threads tiff transcode truetype unicode v4l v4l2 vhosts vorbis win32codecs x264 x86 xcomposite xml xorg xslt xulrunner xv xvid zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US" LIRC_DEVICES="serial" USERLAND="GNU" VIDEO_CARDS="nvidia i810"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS |
|
|
Back to top |
|
|
smerf l33t
Joined: 06 Nov 2004 Posts: 778 Location: Polska
|
Posted: Mon Jul 14, 2008 8:47 pm Post subject: |
|
|
If you log in on console utmp/wtmp records are properly updated? What are permissions/ownership of /var/run/utmp?
(BTW: 'users' output is easier to parse) _________________ Microsoft is not the answer, Microsoft is the question, the answer is no. |
|
Back to top |
|
|
phsdv Guru
Joined: 13 Mar 2005 Posts: 372 Location: Europe
|
Posted: Mon Jul 14, 2008 9:48 pm Post subject: |
|
|
smerf wrote: | If you log in on console utmp/wtmp records are properly updated? What are permissions/ownership of /var/run/utmp? |
Code: | $ ll /var/run/utmp
-rw-r--r-- 1 root utmp 3840 Jul 14 18:01 /var/run/utmp
$ ll /var/log/wtmp
-rw-r--r-- 1 root utmp 467328 Jul 14 18:01 /var/log/wtmp | When I log in an the console, 'who' and 'last' are working correctly. It seems related to xdm/xfce4 only.
'users' is also returning empty when I am logged in via xdm/xfce4, but works when I log in on the console. |
|
Back to top |
|
|
smerf l33t
Joined: 06 Nov 2004 Posts: 778 Location: Polska
|
Posted: Tue Jul 15, 2008 8:35 am Post subject: |
|
|
Try giving utmp group write access.
Maybe xdm is dropping privileges to early...
You can trace all utmp read/write attempts using audit:
auditctl -w /var/run/utmp -p war -k UTMP
and later
ausearch -k UTMP
You'll see what processes are trying to read/write from/to utmp. Maybe you will
need to make filter more specific and show only unsuccessful write attempts:
auditctl -w /var/run/utmp -p w -k UTMP_FW -F success=no
ausearch -k UTMP_FW
Read manual for details, you need kernel with auditing and sys-process/audit.
Alternatively you can try using strace -p [xdm pid]... _________________ Microsoft is not the answer, Microsoft is the question, the answer is no. |
|
Back to top |
|
|
phsdv Guru
Joined: 13 Mar 2005 Posts: 372 Location: Europe
|
Posted: Tue Jul 15, 2008 6:22 pm Post subject: |
|
|
Thanks for the tips. I tried auditctl and it shows in sequence the following (truncated): Code: | ... success=yes ... uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sessreg" exe="/usr/bin/sessreg"
... success=yes ... exe="/usr/bin/xdm" key="UTMP"
... success=no .... uid=501 gid=100 euid=501 suid=501 fsuid=501 egid=406 sgid=406 fsgid=406 tty=(none) comm="gnome-pty-helpe" exe="/usr/libexec/gnome-pty-helper" key="UTMP" | When I make /var/run/utmp group writeable, 'who' and 'users' do see a logged-in user for each opened terminal in X11.
Now my question is: does /var/run/utmp really needs to be group writable (does it hurt to leave it like that)? Or does gnome-pty-helper (x11-libs/vte-0.16.13) has a bug?
Second question, why does a successful login into xdm not show as a user in utmp? According to man xdm this should be done in a xstartup script: Code: | The Xstartup program is run as root when the user logs in. It is typically a shell script. Since it is run as root, Xstartup should be very careful about security. This is the place to put commands which add entries to /etc/utmp (the sessreg program may be useful here), mount users' home directories from file servers, or abort the session if logins are not allowed.
| I assume that /var/run/utmp is used on gentoo i.s.o. mentioned /etc/utmp. The startup script on my system (according to /etc/X11/xdm/xdm-config) is:/usr/lib/X11/xdm/Xstartup
Code: | #!/bin/sh
# Register a login (derived from GiveConsole as follows:)
#
/usr/bin/sessreg -a -w "/var/log/wtmp" -u "/var/run/utmp" -x "XDMCONFIGDIR/Xservers" -l $DISPLAY -h "" $USER | The -a option tells the system to add $user to utmp. But I do not see it there (anymore?).
Summary: adding group permissions to utmp makes that any open terminal in a xsession show up in utmp. The X session it self is not seen in utmp. When no terminal is open, 'who' still returns nothing (except the console I am logged in of course). Although sessreg should add the user to utmp, it does not seem to work (or it is removed again from utmp). |
|
Back to top |
|
|
smerf l33t
Joined: 06 Nov 2004 Posts: 778 Location: Polska
|
Posted: Tue Jul 15, 2008 7:51 pm Post subject: |
|
|
I did some research and (vteapp.c):
Code: | if (!console) {
if (shell) {
/* Launch a shell. */
_VTE_DEBUG_IF(VTE_DEBUG_MISC)
vte_terminal_feed(terminal, message, -1);
vte_terminal_fork_command(terminal,
command, NULL, env_add,
working_directory,
TRUE, TRUE, TRUE); |
where (vte.c)
Code: |
/**
* vte_terminal_fork_command:
* @terminal: a #VteTerminal
* @command: the name of a binary to run, or %NULL to get user's shell
* @argv: the argument list to be passed to @command, or %NULL
* @envv: a list of environment variables to be added to the environment before
* starting @command, or %NULL
* @directory: the name of a directory the command should start in, or %NULL
* @lastlog: %TRUE if the session should be logged to the lastlog
* @utmp: %TRUE if the session should be logged to the utmp/utmpx log
* @wtmp: %TRUE if the session should be logged to the wtmp/wtmpx log
*
* Starts the specified command under a newly-allocated controlling
* pseudo-terminal. The @argv and @envv lists should be %NULL-terminated, and
* argv[0] is expected to be the name of the file being run, as it would be if
* execve() were being called. TERM is automatically set to reflect the
* terminal widget's emulation setting. If @lastlog, @utmp, or @wtmp are %TRUE,
* logs the session to the specified system log files.
*
* Returns: the ID of the new process
*/
pid_t
vte_terminal_fork_command(VteTerminal *terminal,
const char *command, char **argv, char **envv,
const char *directory,
gboolean lastlog, gboolean utmp, gboolean wtmp)
|
so, vte will update utmp/wtmp anyway... mine (tilda) registers every tab!
AFAIR there was an option for gnome-terminal to turn this off...
/var/tun/utmp should be utmp-group-writable because:
Code: | -rwxr-s--x 1 root utmp 9476 VII 5 23:39 /usr/libexec/gnome-pty-helper |
I don't have /usr/bin/sessreg, I do not use xdm (or anything like that, I love to login on a console and use startx) _________________ Microsoft is not the answer, Microsoft is the question, the answer is no. |
|
Back to top |
|
|
phsdv Guru
Joined: 13 Mar 2005 Posts: 372 Location: Europe
|
Posted: Wed Jul 16, 2008 4:23 pm Post subject: |
|
|
smerf wrote: | so, vte will update utmp/wtmp anyway... mine (tilda) registers every tab! | I do not mind that too much. smerf wrote: | /var/tun/utmp should be utmp-group-writable because:
Code: | -rwxr-s--x 1 root utmp 9476 VII 5 23:39 /usr/libexec/gnome-pty-helper |
| I am using openrc/baselayout-2 which sets the permsions to 644 by default. I am not sure baselayout-1 does this too. But I have asked if this can be changed.
smerf wrote: | I don't have /usr/bin/sessreg, I do not use xdm (or anything like that, I love to login on a console and use startx) | I'll digg deeper into sessreg/xdm as soon as I have some more time. Smerf, thanks for your help sofar! |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|